CVE-2021-34236

Published: Sep 8, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Buffer Overflow in Netgear R8000 Router with firmware v1.0.4.56 allows remote attackers to execute arbitrary code or cause a denial-of-service by sending a crafted POST to '/bd_genie_create_account.cgi' with a sufficiently long parameter 'register_country'.

Affected (1)

Products: Netgear: R8000 Firmware

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8000 Firmware	Version 1.0.4.56

Running on/with	Platform Versions
Netgear R8000	All versions

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (3)

https://github.com/Davidteeri/Bug-Report/blob/main/netgear-8000.md

Source: cve@mitre.org

Broken Link

https://github.com/advisories/GHSA-vfq9-7wg3-4mjx

Source: nvd@nist.gov

Third Party Advisory

https://github.com/Davidteeri/Bug-Report/blob/main/netgear-8000.md

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.