CVE-2021-27257

Name of the Vulnerable Software and Affected Versions: NETGEAR R7800 firmware version 1.0.2.76

Description: This issue allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the downloading of files via FTP, resulting from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other issues to execute arbitrary code in the context of root.

Recommendations: For NETGEAR R7800 firmware version 1.0.2.76, consider disabling FTP file downloads until a patch is available to prevent exploitation. Restrict access to the FTP service to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this issue.