PT-2021-4633 · NetGear · Netgear Rax15+29

Published: 2021-10-28 · Updated: 2025-08-14 · CVE-2021-34983

CVSS v2.0: 8.3 (High)

Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

NETGEAR R6400 versions R6400 through R6400v2
NETGEAR R6700 versions R6700v3
NETGEAR R6900P
NETGEAR R7000 versions R7000 through R7000P
NETGEAR R7850
NETGEAR R7900P
NETGEAR R7960P
NETGEAR R8000 versions R8000 through R8000P
NETGEAR RAX15
NETGEAR RAX20
NETGEAR RAX200
NETGEAR RAX35 version RAX35v2
NETGEAR RAX38 version RAX38v2
NETGEAR RAX40 version RAX40v2
NETGEAR RAX42
NETGEAR RAX43
NETGEAR RAX45
NETGEAR RAX48
NETGEAR RAX50 versions RAX50 through RAX50S
NETGEAR RAX75
NETGEAR RAX80
NETGEAR RAXE450
NETGEAR RAXE500
NETGEAR RS400
NETGEAR WNDR3400 version WNDR3400v3
NETGEAR WNR3500L version WNR3500Lv2
NETGEAR D6220
NETGEAR D6400
NETGEAR EX6120
NETGEAR EX6130
NETGEAR EX7500

Description

The issue is related to a buffer copy without checking the size of the input data in the httpd service of the NETGEAR router's firmware. This can be exploited by a remote attacker to execute arbitrary code. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.

Recommendations

For each of the following products, update the firmware to a version that addresses the missing authentication issue in the httpd service:

NETGEAR R6400 versions R6400 through R6400v2
NETGEAR R6700 versions R6700v3
NETGEAR R6900P
NETGEAR R7000 versions R7000 through R7000P
NETGEAR R7850
NETGEAR R7900P
NETGEAR R7960P
NETGEAR R8000 versions R8000 through R8000P
NETGEAR RAX15
NETGEAR RAX20
NETGEAR RAX200
NETGEAR RAX35 version RAX35v2
NETGEAR RAX38 version RAX38v2
NETGEAR RAX40 version RAX40v2
NETGEAR RAX42
NETGEAR RAX43
NETGEAR RAX45
NETGEAR RAX48
NETGEAR RAX50 versions RAX50 through RAX50S
NETGEAR RAX75
NETGEAR RAX80
NETGEAR RAXE450
NETGEAR RAXE500
NETGEAR RS400
NETGEAR WNDR3400 version WNDR3400v3
NETGEAR WNR3500L version WNR3500Lv2
NETGEAR D6220
NETGEAR D6400
NETGEAR EX6120
NETGEAR EX6130
NETGEAR EX7500

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2021-05322
CVE-2021-34983
ZDI-21-1275

Affected Products

Netgear R6220
Netgear R6400
Netgear Ex6120
Netgear Ex6130
Netgear Ex7500
Netgear R6700
Netgear R6900P
Netgear R7000
Netgear R7850
Netgear R7900
Netgear R7960P
Netgear R8000
Netgear Rax15
Netgear Rax20
Netgear Rax200
Netgear Rax35
Netgear Rax38
Netgear Rax40
Netgear Rax42
Netgear Rax43
Netgear Rax45
Netgear Rax48
Netgear Rax50
Netgear Rax75
Netgear Rax80
Netgear Raxe450
Netgear Raxe500
Netgear Rs400
Netgear Wndr3400
Netgear Wnr3500L