CVE-2021-45604 in CBR750info

Summary

by MITRE • 12/26/2021

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D6400 before 1.0.0.102, D8500 before 1.0.3.60, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 12/28/2021

This vulnerability represents a critical stack-based buffer overflow flaw that affects numerous NETGEAR wireless routers and networking devices, specifically targeting authenticated users who can exploit the vulnerability through legitimate administrative access. The issue stems from improper input validation within the device's web interface handling mechanisms, creating a condition where maliciously crafted input can overwrite adjacent memory locations on the stack. According to CWE-121, this classification indicates a classic stack-based buffer overflow vulnerability where the attacker can manipulate memory layout to execute arbitrary code or cause denial of service conditions. The affected devices span multiple product lines including popular models like R7000, R7900, R8000, and various RAX series routers, with specific version ranges indicating the scope of impacted firmware implementations.

The operational impact of this vulnerability extends beyond simple denial of service scenarios, as authenticated attackers with administrative privileges can leverage this flaw to execute arbitrary code on affected devices. This capability directly aligns with ATT&CK technique T1059.007 for command and scripting interpreter, and potentially T1068 for exploit for privilege escalation. The buffer overflow allows for memory corruption that can lead to complete system compromise, enabling attackers to gain persistent access to the network infrastructure. The vulnerability affects devices that may be deployed in both residential and enterprise environments, making it particularly concerning for organizations that rely on NETGEAR networking equipment for critical operations. Attackers could potentially use this vulnerability to establish backdoors, redirect traffic, or exfiltrate sensitive network information from within the device's memory space.

Mitigation strategies should focus on immediate firmware updates from NETGEAR, as the vendor has released patches addressing this specific vulnerability in versions beyond the affected ranges mentioned in the CVE. Network segmentation and monitoring of administrative access logs become crucial defensive measures, as the vulnerability requires authenticated access but provides high-impact exploitation capabilities once accessed. Implementing network access controls to limit administrative access to only trusted users and systems helps reduce the attack surface. Security teams should also conduct comprehensive vulnerability assessments to identify all affected devices within their networks and establish monitoring procedures for anomalous administrative activities. The vulnerability demonstrates the importance of input validation in web-based administrative interfaces and reinforces the need for proper memory management practices in embedded networking equipment, particularly when handling user-supplied data through web forms and configuration parameters.

Responsible

MITRE

Reservation

12/25/2021

Disclosure

12/26/2021

Moderation

accepted

CPE

ready

EPSS

0.00369

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!