PT-2021-6274 · NetGear · Netgear Rax43

Evan Grant

Published

2021-12-30

Updated

2022-01-07

CVE-2021-20166

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Netgear RAX43 version 1.0.3.96

Description The issue is caused by a buffer overrun vulnerability in the URL parsing functionality of the cgi-bin endpoint. This can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information by potentially redirecting the control flow of the application.

Recommendations For Netgear RAX43 version 1.0.3.96, consider restricting access to the cgi-bin endpoint until a patch is available. As a temporary workaround, avoid using the vulnerable URL parsing functionality in the cgi-bin endpoint to minimize the risk of exploitation.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

BDU:2022-01224

CVE-2021-20166

Affected Products

Netgear Rax43

PT-2021-6274 · NetGear · Netgear Rax43

CVE-2021-20166

Weakness Enumeration

Related Identifiers

Affected Products

References · 4