CVE-2021-31802

Beschreibung:
NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a n before the Content-Length header.

CWE: CWE-787

CVSS-Bewertung
CVSS 2: HIGH – 8.3 (Version: 2.0)
CVSS 3: HIGH – 8.8 (Version: 3.1)

Links:

NVD – CVE-2021-31802
CVE – CVE-2021-31802

Link (max. 20) Quelle Tags
https://ssd-disclosure.com/ssd-advisory-netgear-nighthawk-r7000-httpd-preauth-rce/ MISC Exploit Third Party Advisory
https://www.netgear.com/about/security/ MISC Vendor Advisory Patch Third Party Advisory Vendor Advisory
https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640 MISC Exploit Patch Third Party Advisory
GLSA-202104-08 GENTOO Third Party Advisory
FEDORA-2021-c3754414e7 FEDORA
FEDORA-2021-ff893e12c5 FEDORA

Quelle: NVD – CVE-2021-31802
Datum Veröffentlichung: 2021-04-26T13:15Z, Datum letzte Änderung: 2021-05-06T20:38Z