CVE-2021-27252

HIGH

NETGEAR Multiple Router and Extender Firmware - Unauthenticated OS Command Injection via DHCP Vendor-Specific Opcode

Title source: llm

Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216.

References (2)

Core 2

Core References

Patch, Vendor Advisory x_refsource_misc

https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders

Third Party Advisory, VDB Entry x_refsource_misc

https://www.zerodayinitiative.com/advisories/ZDI-21-248/

Scores

CVSS v3 8.8

EPSS 0.0056

EPSS Percentile 68.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (43)

netgear/br200_firmware < 5.10.0.5

netgear/br500_firmware < 5.10.0.5

netgear/d7800_firmware < 1.0.1.60

netgear/ex6100v2_firmware < 1.0.1.98

netgear/ex6150_firmware < 1.0.1.98

netgear/ex6250_firmware < 1.0.0.134

netgear/ex6400_firmware < 1.0.2.158

netgear/ex6400v2_firmware < 1.0.0.134

netgear/ex6410_firmware < 1.0.0.134

netgear/ex6420_firmware < 1.0.0.134

... and 33 more

Published Apr 14, 2021

Tracked Since Feb 18, 2026