Researchers identified a pre-authentication buffer overflow vulnerability (CVE-2021-34991) that affects multiple small office/home office (SOHO) Netgear router models. The vulnerability lets attackers execute code remotely on vulnerable devices and take control of them. Let’s see how to fix CVE-2021-34991, a pre-authentication buffer overflow vulnerability in multiple Netgear products.
Summary of CVE-2021-34991:
Associated CVE ID | CVE-2021-34991 |
Description | A pre-authentication buffer overflow vulnerability allows network-adjacent attackers to execute arbitrary code on affected Netgear products. |
Associated ZDI ID | ZDI-CAN-14110 |
CVSS Score | 8.8 High |
Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Impact Score | 5.9 |
Exploitability Score | 2.8 |
Attack Vector (AV) | Adjacent |
Attack Complexity (AC) | Low |
Privilege Required (PR) | None |
User Interaction (UI) | None |
Confidentiality (C) | High |
Integrity (I) | High |
Availability (A) | High |
This vulnerability is associated with the UPnP service, which networked devices such as personal computers, printers, Internet gateways, Wi-Fi access points, and mobile devices use to discover other devices on the same network and establish functional network services.
The UPnP service allows any device on the network to connect to the server without authentication and reconfigure the network to support its operations. This gives an attacker a large attack surface: the service accepts unauthenticated HTTP SUBSCRIBE and UNSUBSCRIBE requests from clients that wish to receive updates, and it parses complex input to handle those requests.
The vulnerability lies in the handling of the UUID request header that arrives as input. Because the length of the user-supplied data is not properly validated before it is copied into a fixed-length stack-based buffer, an attacker can send more data than the local stack buffer can hold. This allows the attacker to perform a pre-authentication buffer overflow attack.
The disturbing part of the vulnerability is that, since the UPnP service runs with root privileges, the attacker can execute code with root privileges. You can read the original post for complete technical details.
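The copy-before-check pattern described above, next to a bounded version, as an added illustration that is not Netgear's code or taken from the original post. The function names, the 64-byte buffer size and the use of the standard UPnP `SID` header to carry the UUID are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

#define UUID_BUF_LEN 64   /* assumed size; the page does not state the real one */

/* Unsafe pattern (shown for contrast, never called here): the header value
 * is copied into the fixed buffer before its length is checked. */
void copy_uuid_unchecked(char *dst, const char *value)
{
    strcpy(dst, value);   /* writes past dst when value is too long */
}

/* Hardened form: find the header, measure the value, and refuse anything
 * that does not fit (terminating NUL included) before copying.
 * Returns 0 on success, -1 if the header is missing, empty or oversized. */
int copy_uuid_checked(const char *request, const char *header,
                      char *dst, size_t dst_len)
{
    size_t hlen = strlen(header);
    const char *line = request;

    while (line && *line) {
        if (strncasecmp(line, header, hlen) == 0 && line[hlen] == ':') {
            const char *val = line + hlen + 1;
            while (*val == ' ' || *val == '\t') val++;
            size_t vlen = strcspn(val, "\r\n");
            if (vlen == 0 || vlen >= dst_len)
                return -1;            /* reject instead of truncating */
            memcpy(dst, val, vlen);
            dst[vlen] = '\0';
            return 0;
        }
        line = strstr(line, "\r\n");  /* advance to the next header line */
        if (line) line += 2;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample request, not captured traffic. */
    const char *req = "UNSUBSCRIBE /event HTTP/1.1\r\n"
                      "SID: uuid:constructed-0001\r\n\r\n";
    char uuid[UUID_BUF_LEN];
    return copy_uuid_checked(req, "SID", uuid, sizeof uuid) == 0 ? 0 : 1;
}
```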
List Of Netgear Products Vulnerable To CVE-2021-34991 Buffer Overflow Vulnerability:
As per the report, these are the Netgear products vulnerable to the buffer overflow vulnerability.
List Of Products Netgear Released Fix For The CVE-2021-34991 Vulnerability:
At the time of publishing this post, NETGEAR has released fixes for the following products:
Extenders:
- EX3700 fixed in firmware version 1.0.0.94
- EX3800 fixed in firmware version 1.0.0.94
- EX6120 fixed in firmware version 1.0.0.66
- EX6130 fixed in firmware version 1.0.0.66
Routers:
- R6400 fixed in firmware version 1.0.1.76
- R6400v2 fixed in firmware version 1.0.4.120
- R6700v3 fixed in firmware version 1.0.4.120
- R6900P fixed in firmware version 1.3.3.142_HOTFIX
- R7000 fixed in firmware version 1.0.11.128
- R7000P fixed in firmware version 1.3.3.142_HOTFIX
- R7100LG fixed in firmware version 1.0.0.72
- R7850 fixed in firmware version 1.0.5.76
- R7900P fixed in firmware version 1.4.2.84
- R7960P fixed in firmware version 1.4.2.84
- R8000 fixed in firmware version 1.0.4.76
- R8000P fixed in firmware version 1.4.2.84
- R8300 fixed in firmware version 1.0.2.156
- R8500 fixed in firmware version 1.0.2.156
- RAX15 fixed in firmware version 1.0.4.100
- RAX20 fixed in firmware version 1.0.4.100
- RAX200 fixed in firmware version 1.0.5.132
- RAX35v2 fixed in firmware version 1.0.4.100
- RAX38v2 fixed in firmware version 1.0.4.100
- RAX40v2 fixed in firmware version 1.0.4.100
- RAX42 fixed in firmware version 1.0.4.100
- RAX43 fixed in firmware version 1.0.4.100
- RAX45 fixed in firmware version 1.0.4.100
- RAX48 fixed in firmware version 1.0.4.100
- RAX50 fixed in firmware version 1.0.4.100
- RAX50S fixed in firmware version 1.0.4.100
- RAX75 fixed in firmware version 1.0.5.132
- RAX80 fixed in firmware version 1.0.5.132
- RAXE450 fixed in firmware version 1.0.8.70
- RAXE500 fixed in firmware version 1.0.8.70
- RS400 fixed in firmware version 1.5.1.80
- WNDR3400v3 fixed in firmware version 1.0.1.42
- WNR3500Lv2 fixed in firmware version 1.2.0.70
- XR300 fixed in firmware version 1.0.3.68
DSL Modem Routers:
- D6220 fixed in firmware version 1.0.0.76
- D6400 fixed in firmware version 1.0.0.108
- D7000v2 fixed in firmware version 1.0.0.76
- DGN2200v4 fixed in firmware version 1.0.0.126
AirCards:
- DC112A fixed in firmware version 1.0.0.62
Cable Modems:
- CAX80 fixed in firmware version 2.1.3.5
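To check a device inventory against the fixed versions listed above, the comparison has to be numeric per field (1.0.11.128 is newer than 1.0.9.88) and must not treat a build without the `_HOTFIX` suffix as equal to the hotfix. The following is an added example, not a Netgear tool: the function names are hypothetical, the table holds only a subset of the list, and the installed version is assumed to be given in the same dotted form as on this page (a leading `V` is tolerated).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct fix { const char *model; const char *fixed; };

/* Subset of the list above; extend with the remaining models as needed. */
static const struct fix FIXES[] = {
    {"R7000",   "1.0.11.128"},
    {"R6400v2", "1.0.4.120"},
    {"R6900P",  "1.3.3.142_HOTFIX"},
    {"RAX80",   "1.0.5.132"},
    {"EX6120",  "1.0.0.66"},
    {"CAX80",   "2.1.3.5"},
};

/* Compare dotted versions field by field as numbers. When all numeric
 * fields match, a trailing suffix such as _HOTFIX decides the order. */
int version_cmp(const char *a, const char *b)
{
    for (;;) {
        char *ea, *eb;
        long na = strtol(a, &ea, 10), nb = strtol(b, &eb, 10);
        if (na != nb) return na < nb ? -1 : 1;
        if (*ea == '.' && *eb == '.') { a = ea + 1; b = eb + 1; continue; }
        if (*ea == '.' || *eb == '.') return *ea == '.' ? 1 : -1;
        int s = strcmp(ea, eb);       /* "" sorts before "_HOTFIX" */
        return (s > 0) - (s < 0);
    }
}

/* 1 = at or above the fixed version, 0 = below it, -1 = model not in table. */
int is_patched(const char *model, const char *installed)
{
    if (*installed == 'V' || *installed == 'v') installed++;
    for (size_t i = 0; i < sizeof FIXES / sizeof FIXES[0]; i++)
        if (strcmp(model, FIXES[i].model) == 0)
            return version_cmp(installed, FIXES[i].fixed) >= 0;
    return -1;
}

int main(void)
{
    /* Constructed inventory entry, not a real device reading. */
    printf("R7000 V1.0.9.88 patched: %d\n", is_patched("R7000", "V1.0.9.88"));
    return 0;
}
```

A result of -1 means the model is not in the table and has to be checked by hand against the vendor advisory.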
How To Fix CVE-2021-34991- A Pre-Authentication Buffer Overflow Vulnerability?
Netgear has released a patch along with new firmware and recommends downloading the latest firmware for your NETGEAR product.
Time needed: 10 minutes.
You can fix CVE-2021-34991 vulnerability by upgrading the firmware of your product to the latest version.
If your product supports one of the Netgear apps, use the app to update your firmware.
1. Orbi products: NETGEAR Orbi app
2. NETGEAR WiFi routers: NETGEAR Nighthawk app
If you have a product that doesn’t support any of the apps, visit the support portal, download the firmware as described below, and install it manually.
- Visit the Netgear Support site
URL: https://www.netgear.com/support/
- Search for your product in the search box
As soon as you start typing your model number in the search box, you will see your model in the drop-down menu. Select your model as soon as it appears.
- Download the firmware
Click on the download button to download the firmware for your model.
Under Current Versions, select the first download whose title begins with Firmware Version.
- Install the firmware
Follow the instructions to install the firmware version. Please refer to the installation guide of your product for further assistance.
Note: Click on the Documents button to download the installation guide and other documentation about the product.
We hope this post helps you understand how to fix CVE-2021-34991, a pre-authentication buffer overflow vulnerability in multiple Netgear products. Thanks for reading this threat post.
Original article by ItWorker. If you repost it, please credit the source: https://blog.ytso.com/270082.html