CVE-2021-31802

HIGH

Netgear R7000 Firmware < 1.0.11.116 - Out-of-Bounds Write

Title source: rule

Description

NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a \n before the Content-Length header.

Exploits (1)

metasploit WORKING POC
by colorlight2019, SSD Disclosure, Grant Willcox (tekwizz123) · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/netgear_r7000_backup_cgi_heap_overflow_rce.rb

Scores

CVSS v3 8.8
EPSS 0.1372
EPSS Percentile 94.3%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
netgear/r7000_firmware < 1.0.11.116
Published Apr 26, 2021
Tracked Since Feb 18, 2026