430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Netgear fixes code execution flaw in many SOHO devices

Netgear addressed a code execution vulnerability, tracked as CVE-2021-34991, in its small office/home office (SOHO) devices. Netgear addressed a pre-authentication buffer overflow issue in its small office/home office (SOHO) devices that can be exploited by an attacker on the local area network (LAN) to execute code remotely with root privileges. The flaw, tracked as CVE-2021-34991 […]

Netgear Nighthawk R6700v3

Netgear addressed a code execution vulnerability, tracked as CVE-2021-34991, in its small office/home office (SOHO) devices.

Netgear addressed a pre-authentication buffer overflow issue in its small office/home office (SOHO) devices that can be exploited by an attacker on the local area network (LAN) to execute code remotely with root privileges.

The flaw, tracked as CVE-2021-34991 (CVSS score of 8.8), resides in the device’s Universal Plug-and-Play (UPnP) upnpd daemon functions related to the handling of “unauthenticated HTTP SUBSCRIBE and UNSUBSCRIBE requests from clients that wish to receive updates whenever the network’s UPnP configuration changes.”

The vulnerability was discovered by GRIMM researchers who also created a PoC exploit to compromise fully patched Netgear devices in the default configuration.

“This stack overflow is a traditional stack overflow that is not protected by any modern vulnerability mitigations.” reads the post published by GRIMM. “However, exploitation of this stack overflow is complicated by a few factors:

  1. Prior to overflowing the stack, the buffer with the user’s input is converted to lowercase. As a result, the exploit cannot use any gadgets which contain bytes with capital letters (ASCII 0x41-0x5A).
  2. The copy which overflows the stack is a string copy. As such, it will stop copying characters if it encounters a NULL character. Thus, the exploit cannot include gadgets with NULL bytes.

While the first limitation can be easily avoided by carefully choosing gadgets, the second limitation is much more difficult to bypass.”

Below is the list of impacted Netgear SOHO devices that includes routers, modems, and WiFi range extenders:

Vulnerable Devices
AC1450 – 1.0.0.36D6220 – 1.0.0.72D6300 – 1.0.0.102
D6400 – 1.0.0.104D7000v2 – 1.0.0.66D8500 – 1.0.3.60
DC112A – 1.0.0.56DGN2200v4 – 1.0.0.116DGN2200M – 1.0.0.35
DGND3700v1 – 1.0.0.17EX3700 – 1.0.0.88EX3800 – 1.0.0.88
EX3920 – 1.0.0.88EX6000 – 1.0.0.44EX6100 – 1.0.2.28
EX6120 – 1.0.0.54EX6130 – 1.0.0.40EX6150 – 1.0.0.46
EX6920 – 1.0.0.54EX7000 – 1.0.1.94MVBR1210C – 1.2.0.35BM
R4500 – 1.0.0.4R6200 – 1.0.1.58R6200v2 – 1.0.3.12
R6250 – 1.0.4.48R6300 – 1.0.2.80R6300v2 – 1.0.4.52
R6400 – 1.0.1.72R6400v2 – 1.0.4.106R6700 – 1.0.2.16
R6700v3 – 1.0.4.118R6900 – 1.0.2.16R6900P – 1.3.2.134
R7000 – 1.0.11.123R7000P – 1.3.2.134R7300DST – 1.0.0.74
R7850 – 1.0.5.68R7900 – 1.0.4.38R8000 – 1.0.4.68
R8300 – 1.0.2.144R8500 – 1.0.2.136RS400 – 1.5.0.68
WGR614v9 – 1.2.32WGT624v4 – 2.0.13WNDR3300v1 – 1.0.45
WNDR3300v2 – 1.0.0.26WNDR3400v1 – 1.0.0.52WNDR3400v2 – 1.0.0.54
WNDR3400v3 – 1.0.1.38WNDR3700v3 – 1.0.0.42WNDR4000 – 1.0.2.10
WNDR4500 – 1.0.1.46WNDR4500v2 – 1.0.0.72WNR834Bv2 – 2.1.13
WNR1000v3 – 1.0.2.78WNR2000v2 – 1.2.0.12WNR3500 – 1.0.36NA
WNR3500v2 – 1.2.2.28NAWNR3500L – 1.2.2.48NAWNR3500Lv2 – 1.2.0.66
XR300 – 1.0.3.56

Netgear released security patches that fix the vulnerability in multiple devices and announced that it is testing additional firmware fixes.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Netgear)

[adrotate banner=”5″]

[adrotate banner=”13″]