CVE-2021-34947

Name of the Vulnerable Software and Affected Versions NETGEAR R6700AX versions (affected versions not specified) NETGEAR R7800 versions (affected versions not specified) NETGEAR R8900 versions (affected versions not specified) NETGEAR R9000 versions (affected versions not specified) NETGEAR RAX10 versions (affected versions not specified) NETGEAR RAX120 versions (affected versions not specified) NETGEAR RAX120v2 versions (affected versions not specified) NETGEAR RAX70 versions (affected versions not specified) NETGEAR RAX78 versions (affected versions not specified) NETGEAR XR700 versions (affected versions not specified)

Description The issue is related to a buffer overflow when parsing the soap block table file, allowing an attacker to execute arbitrary code on affected installations of NETGEAR routers. The flaw exists due to the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root. No authentication is required to exploit this vulnerability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.