CVE-2021-34865

Name of the Vulnerable Software and Affected Versions: NETGEAR Multiple Routers (affected versions not specified)

Description: This issue allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. No authentication is required to exploit this issue. The flaw exists within the mini httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this issue to escalate privileges and execute arbitrary code in the context of root.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this issue.