PT-2021-4632 · NetGear · Ex6120+30

Published: 2021-10-28 · Updated: 2025-08-14 · CVE-2021-34982

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NETGEAR R6400 versions R6400 through R6400v2
NETGEAR R6700 versions R6700v3
NETGEAR R6900P
NETGEAR R7000 versions R7000 through R7000P
NETGEAR R7850
NETGEAR R7900P
NETGEAR R7960P
NETGEAR R8000 versions R8000 through R8000P
NETGEAR RAX15
NETGEAR RAX20
NETGEAR RAX200
NETGEAR RAX35 version RAX35v2
NETGEAR RAX38 version RAX38v2
NETGEAR RAX40 version RAX40v2
NETGEAR RAX42
NETGEAR RAX43
NETGEAR RAX45
NETGEAR RAX48
NETGEAR RAX50 versions RAX50 through RAX50S
NETGEAR RAX75
NETGEAR RAX80
NETGEAR RAXE450
NETGEAR RAXE500
NETGEAR RS400
NETGEAR WNDR3400 version WNDR3400v3
NETGEAR WNR3500L version WNR3500Lv2
NETGEAR D6220
NETGEAR D6400
NETGEAR EX6120
NETGEAR EX6130
NETGEAR EX7500

Description

The issue is a stack-based buffer overflow in the httpd service of the affected NETGEAR routers and wireless repeaters. The service does not validate the length of user-supplied data before copying it to a fixed-length stack-based buffer. An attacker can exploit this to execute arbitrary code in the context of root without requiring authentication. The httpd service listens on TCP port 80 by default.

Recommendations

For every affected NETGEAR model and version listed above under "Name of the Vulnerable Software and Affected Versions", update the firmware to a version that fixes the httpd stack-based buffer overflow vulnerability.

As a temporary workaround, consider restricting access to the httpd service on TCP port 80 until a patch is available.

Fix

RCE

Buffer Overflow

Stack Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2021-05321
CVE-2021-34982
ZDI-21-1274

Affected Products

D6220
D6400
EX6120
EX6130
EX7500
R6400
R6700
R6900P
R7000
R7850
R7900P
R7960P
R8000
RAX15
RAX20
RAX200
RAX35
RAX38
RAX40
RAX42
RAX43
RAX45
RAX48
RAX50
RAX75
RAX80
RAXE450
RAXE500
RS400
WNDR3400
WNR3500L