N
ETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13055.
References
| Link | Resource |
|---|---|
| https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129 | Third Party Advisory |
| https://www.zerodayinitiative.com/advisories/ZDI-21-1116/ | Third Party Advisory |
| https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129 | Third Party Advisory |
| https://www.zerodayinitiative.com/advisories/ZDI-21-1116/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
Configuration 20 (hide)
| AND |
|
Configuration 21 (hide)
| AND |
|
Configuration 22 (hide)
| AND |
|
Configuration 23 (hide)
| AND |
|
Configuration 24 (hide)
| AND |
|
Configuration 25 (hide)
| AND |
|
Configuration 26 (hide)
| AND |
|
Configuration 27 (hide)
| AND |
|
Configuration 28 (hide)
| AND |
|
Configuration 29 (hide)
| AND |
|
Configuration 30 (hide)
| AND |
|
Configuration 31 (hide)
| AND |
|
Configuration 32 (hide)
| AND |
|
Configuration 33 (hide)
| AND |
|
Configuration 34 (hide)
| AND |
|
Configuration 35 (hide)
| AND |
|
Configuration 36 (hide)
| AND |
|
Configuration 37 (hide)
| AND |
|
Configuration 38 (hide)
| AND |
|
Configuration 39 (hide)
| AND |
|
Configuration 40 (hide)
| AND |
|
Configuration 41 (hide)
| AND |
|
History
14 Aug 2025, 01:42
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Netgear xr700 Firmware
Netgear rax78 Firmware Netgear ex6500v1 Firmware Netgear ex6420 Firmware Netgear ex6150 Netgear ex6420 Netgear ex6100 Netgear ex6150 Firmware Netgear rbs20 Netgear ex6410 Firmware Netgear lbr1020 Firmware Netgear xr450 Netgear xr500 Firmware Netgear ex6410 Netgear rbr20 Firmware Netgear ex2700 Netgear rbs50 Netgear rbr50 Firmware Netgear ex8000 Netgear wnr2000v5 Firmware Netgear ex7320 Netgear r6700ax Netgear ex6400 Firmware Netgear ex6200 Netgear rbs40 Firmware Netgear r7800 Netgear rbs40 Netgear rbr10 Netgear ex7300 Firmware Netgear rax120 Netgear ex7300v2 Netgear rbr10 Firmware Netgear r6700ax Firmware Netgear rbr20 Netgear rax10 Firmware Netgear rbs10 Firmware Netgear ex7700 Netgear ex7700 Firmware Netgear ex6250 Netgear ex6500v1 Netgear ex8000 Firmware Netgear rbr50 Netgear wn3000rpv2 Netgear xr700 Netgear ex7320 Firmware Netgear r9000 Netgear ex2700 Firmware Netgear d7800 Firmware Netgear wnr2000v5 Netgear ex6200 Firmware Netgear rbr40 Firmware Netgear ex6100 Firmware Netgear rbs50y Netgear d7800 Netgear ex6250 Firmware Netgear r9000 Firmware Netgear rax70 Firmware Netgear rbs10 Netgear lbr1020 Netgear ex6400v2 Netgear rax70 Netgear Netgear r8900 Firmware Netgear rbr40 Netgear ex6400 Netgear ex6400v2 Firmware Netgear r7800 Firmware Netgear wn3000rpv2 Firmware Netgear rax78 Netgear ex7300 Netgear rax120v2 Firmware Netgear lbr20 Firmware Netgear lbr20 Netgear r8900 Netgear xr500 Netgear rbs20 Firmware Netgear rbs50y Firmware Netgear rax10 Netgear xr450 Firmware Netgear ex7300v2 Firmware Netgear rax120v2 Netgear rax120 Firmware Netgear rbs50 Firmware |
|
| CPE | cpe:2.3:o:netgear:wn3000rpv2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr2000v5_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax70:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:wn3000rpv2:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6700ax_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6500v1:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax70_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax78_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax120v2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax78:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr2000v5:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax120v2:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax10:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6700ax:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex6500v1_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax10_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:* cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:* |
|
| References | () https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129 - Third Party Advisory | |
| References | () https://www.zerodayinitiative.com/advisories/ZDI-21-1116/ - Third Party Advisory |
21 Nov 2024, 06:11
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129 - | |
| References | () https://www.zerodayinitiative.com/advisories/ZDI-21-1116/ - |
08 May 2024, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-05-07 23:15
Updated : 2025-08-14 01:42
NVD link : CVE-2021-34947
Mitre link : CVE-2021-34947
CVE.ORG link : CVE-2021-34947
JSON object : View
Products Affected
- rbs40
- ex2700_firmware
- rax10
- rbr40_firmware
- d7800
- ex7300_firmware
- ex6400_firmware
- ex6400v2_firmware
- xr700_firmware
- ex2700
- r9000_firmware
- ex7300v2_firmware
- rbr10
- ex8000_firmware
- lbr20_firmware
- rbs50y_firmware
- ex6410_firmware
- rbs10
- ex6250
- rax120v2
- rbs20
- r9000
- rbs50y
- ex7300v2
- ex6150
- rax78
- rax120_firmware
- r6700ax
- xr450
- rbr40
- ex6400
- r8900
- rbr20
- r8900_firmware
- rbs50_firmware
- ex6150_firmware
- lbr1020
- ex6410
- r6700ax_firmware
- xr500
- ex7700
- ex6500v1_firmware
- ex6100_firmware
- ex6500v1
- ex8000
- ex6200
- rax120
- lbr1020_firmware
- rax78_firmware
- rbr10_firmware
- ex6420
- ex7320
- rax10_firmware
- wnr2000v5
- ex6400v2
- rbr50
- ex6200_firmware
- rbr50_firmware
- ex7320_firmware
- rbs20_firmware
- wn3000rpv2_firmware
- ex6420_firmware
- r7800
- wn3000rpv2
- rbr20_firmware
- rbs40_firmware
- d7800_firmware
- rax70
- xr700
- lbr20
- rax70_firmware
- rbs50
- ex6100
- rbs10_firmware
- wnr2000v5_firmware
- ex6250_firmware
- ex7700_firmware
- xr450_firmware
- ex7300
- r7800_firmware
- xr500_firmware
- rax120v2_firmware
CWE
CWE-787
Out-of-bounds Write