#VU56975 Out-of-bounds write in NETGEAR products - CVE-2021-34947

Vulnerability identifier: #VU56975

Vulnerability risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-34947

CWE-ID: CWE-787

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
R6700AX
Hardware solutions / Routers for home users
R7800
Hardware solutions / Routers for home users
R8900
Hardware solutions / Routers for home users
R9000
Hardware solutions / Routers for home users
RAX10
Hardware solutions / Routers for home users
RAX120
Hardware solutions / Routers for home users
RAX120v2
Hardware solutions / Routers for home users
RAX70
Hardware solutions / Routers for home users
RAX78
Hardware solutions / Routers for home users
XR700
Hardware solutions / Routers for home users

Vendor: NETGEAR

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the parsing of the soap_block_table file. A remote attacker on the local network can trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

R6700AX: before 1.0.5.108

R7800: before 1.0.2.84

R8900: before 1.0.5.36

R9000: before 1.0.5.36

RAX10: before 1.0.5.108

RAX120: before 1.2.2.24

RAX120v2: before 1.2.2.24

RAX70: before 1.0.5.108

RAX78: before 1.0.5.108

XR700: before 1.0.1.44

---

External links
https://www.zerodayinitiative.com/advisories/ZDI-21-1116/
https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.