CVE-2021-34947

NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13055.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129	Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1116/	Third Party Advisory
https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129	Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1116/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netgear:ex6500v1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6500v1:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:netgear:r6700ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6700ax:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:netgear:rax10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax10:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:netgear:rax120v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax120v2:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:netgear:rax70_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax70:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:netgear:rax78_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax78:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND

cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND

cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND

cpe:2.3:o:netgear:wn3000rpv2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wn3000rpv2:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND

cpe:2.3:o:netgear:wnr2000v5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2000v5:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND

cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND

cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND

cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*

History

14 Aug 2025, 01:42

Type	Values Removed	Values Added
First Time		Netgear rbs40 Netgear ex6150 Firmware Netgear xr700 Firmware Netgear rbs40 Firmware Netgear r8900 Firmware Netgear rbr20 Netgear lbr1020 Firmware Netgear lbr20 Netgear ex7320 Firmware Netgear wn3000rpv2 Netgear ex2700 Firmware Netgear xr500 Netgear ex7300v2 Netgear rax120v2 Firmware Netgear xr700 Netgear rbs50 Netgear rbr50 Netgear r9000 Firmware Netgear ex7700 Firmware Netgear r9000 Netgear ex6420 Netgear rbs20 Firmware Netgear ex8000 Netgear rax70 Firmware Netgear ex6200 Firmware Netgear r7800 Firmware Netgear rbr50 Firmware Netgear ex6400v2 Netgear ex6200 Netgear ex7700 Netgear rax78 Netgear xr450 Netgear wn3000rpv2 Firmware Netgear ex6100 Netgear rbr20 Firmware Netgear lbr1020 Netgear ex6400 Netgear rbr40 Firmware Netgear ex6410 Netgear Netgear ex6400 Firmware Netgear rax120 Netgear rbs50 Firmware Netgear ex2700 Netgear xr450 Firmware Netgear ex6420 Firmware Netgear ex6500v1 Firmware Netgear ex6500v1 Netgear ex7320 Netgear r6700ax Netgear rbr10 Firmware Netgear rbs50y Netgear ex6150 Netgear wnr2000v5 Firmware Netgear ex7300 Firmware Netgear rbs10 Netgear ex6250 Netgear rax10 Firmware Netgear rax70 Netgear ex6410 Firmware Netgear ex6100 Firmware Netgear rbs10 Firmware Netgear d7800 Netgear r8900 Netgear ex7300v2 Firmware Netgear r6700ax Firmware Netgear xr500 Firmware Netgear rax78 Firmware Netgear rbr40 Netgear rax120v2 Netgear wnr2000v5 Netgear ex6250 Firmware Netgear rax10 Netgear r7800 Netgear d7800 Firmware Netgear ex8000 Firmware Netgear rbr10 Netgear rbs20 Netgear ex6400v2 Firmware Netgear lbr20 Firmware Netgear ex7300 Netgear rax120 Firmware Netgear rbs50y Firmware
References	~~() https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129 -~~	() https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129 - Third Party Advisory
References	~~() https://www.zerodayinitiative.com/advisories/ZDI-21-1116/ -~~	() https://www.zerodayinitiative.com/advisories/ZDI-21-1116/ - Third Party Advisory
CPE		cpe:2.3:h:netgear:xr450:-:::::::* cpe:2.3:h:netgear:d7800:-:::::::* cpe:2.3:o:netgear:ex6100_firmware:::::::: cpe:2.3:o:netgear:ex7300_firmware:::::::: cpe:2.3:o:netgear:rbr50_firmware:::::::: cpe:2.3:h:netgear:ex6200:v2:::::::* cpe:2.3:h:netgear:ex7700:-:::::::* cpe:2.3:o:netgear:rbs10_firmware:::::::: cpe:2.3:o:netgear:r7800_firmware:::::::: cpe:2.3:h:netgear:rax78:-:::::::* cpe:2.3:o:netgear:r8900_firmware:::::::: cpe:2.3:o:netgear:xr450_firmware:::::::: cpe:2.3:h:netgear:ex2700:-:::::::* cpe:2.3:o:netgear:ex7700_firmware:::::::: cpe:2.3:o:netgear:wn3000rpv2_firmware:::::::: cpe:2.3:h:netgear:r8900:-:::::::* cpe:2.3:h:netgear:r6700ax:-:::::::* cpe:2.3:h:netgear:rbr20:-:::::::* cpe:2.3:o:netgear:wnr2000v5_firmware:::::::: cpe:2.3:h:netgear:rbr40:-:::::::* cpe:2.3:h:netgear:rbs10:-:::::::* cpe:2.3:h:netgear:wnr2000v5:-:::::::* cpe:2.3:o:netgear:rax120_firmware:::::::: cpe:2.3:h:netgear:ex7320:-:::::::* cpe:2.3:o:netgear:ex6420_firmware:::::::: cpe:2.3:o:netgear:ex2700_firmware:::::::: cpe:2.3:h:netgear:ex6500v1:-:::::::* cpe:2.3:h:netgear:r7800:-:::::::* cpe:2.3:o:netgear:rax70_firmware:::::::: cpe:2.3:o:netgear:ex6500v1_firmware:::::::: cpe:2.3:h:netgear:ex6250:-:::::::* cpe:2.3:h:netgear:ex6100:v2:::::::* cpe:2.3:o:netgear:rbr10_firmware:::::::: cpe:2.3:h:netgear:ex6420:-:::::::* cpe:2.3:h:netgear:xr500:-:::::::* cpe:2.3:o:netgear:xr500_firmware:::::::: cpe:2.3:o:netgear:ex7300v2_firmware:::::::: cpe:2.3:o:netgear:ex6250_firmware:::::::: cpe:2.3:o:netgear:ex6400v2_firmware:::::::: cpe:2.3:o:netgear:r9000_firmware:::::::: cpe:2.3:o:netgear:d7800_firmware:::::::: cpe:2.3:o:netgear:ex6400_firmware:::::::: cpe:2.3:h:netgear:rax120v2:-:::::::* cpe:2.3:o:netgear:rax10_firmware:::::::: cpe:2.3:o:netgear:rax78_firmware:::::::: cpe:2.3:h:netgear:ex6400:-:::::::* cpe:2.3:h:netgear:ex8000:-:::::::* cpe:2.3:o:netgear:rax120v2_firmware:::::::: cpe:2.3:h:netgear:rbs40:-:::::::* cpe:2.3:o:netgear:rbs50_firmware:::::::: cpe:2.3:h:netgear:r9000:-:::::::* cpe:2.3:h:netgear:rbr50:-:::::::* cpe:2.3:o:netgear:lbr20_firmware:::::::: cpe:2.3:o:netgear:rbr40_firmware:::::::: cpe:2.3:h:netgear:lbr20:-:::::::* cpe:2.3:h:netgear:rbs50:-:::::::* cpe:2.3:o:netgear:ex6200_firmware:::::::: cpe:2.3:h:netgear:ex6400v2:-:::::::* cpe:2.3:o:netgear:ex7320_firmware:::::::: cpe:2.3:o:netgear:ex6150_firmware:::::::: cpe:2.3:h:netgear:rbr10:-:::::::* cpe:2.3:h:netgear:ex6150:v2:::::::* cpe:2.3:o:netgear:rbr20_firmware:::::::: cpe:2.3:h:netgear:lbr1020:-:::::::* cpe:2.3:o:netgear:ex8000_firmware:::::::: cpe:2.3:h:netgear:rax70:-:::::::* cpe:2.3:o:netgear:rbs20_firmware:::::::: cpe:2.3:h:netgear:ex6410:-:::::::* cpe:2.3:h:netgear:rbs20:-:::::::* cpe:2.3:h:netgear:wn3000rpv2:-:::::::* cpe:2.3:h:netgear:rax10:-:::::::* cpe:2.3:o:netgear:xr700_firmware:::::::: cpe:2.3:h:netgear:rbs50y:-:::::::* cpe:2.3:h:netgear:ex7300:-:::::::* cpe:2.3:h:netgear:xr700:-:::::::* cpe:2.3:h:netgear:ex7300v2:-:::::::* cpe:2.3:o:netgear:rbs40_firmware:::::::: cpe:2.3:o:netgear:lbr1020_firmware:::::::: cpe:2.3:o:netgear:ex6410_firmware:::::::: cpe:2.3:o:netgear:rbs50y_firmware:::::::: cpe:2.3:h:netgear:rax120:-:::::::* cpe:2.3:o:netgear:r6700ax_firmware::::::::

21 Nov 2024, 06:11

Type	Values Removed	Values Added
References	~~() https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129 -~~	() https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129 -
References	~~() https://www.zerodayinitiative.com/advisories/ZDI-21-1116/ -~~	() https://www.zerodayinitiative.com/advisories/ZDI-21-1116/ -

08 May 2024, 13:15

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de ejecución remota de código de escritura fuera de los límites en NETGEAR R7800 net-cgi. Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar código arbitrario en instalaciones afectadas de enrutadores NETGEAR R7800. No se requiere autenticación para aprovechar esta vulnerabilidad. La falla específica existe en el análisis del archivo Soap_block_table. El problema se debe a la falta de una validación adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura más allá del final de una estructura de datos asignada. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto de la raíz. Era ZDI-CAN-13055.

07 May 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-07 23:15

Updated : 2025-08-14 01:42

NVD link : CVE-2021-34947

Mitre link : CVE-2021-34947

CVE.ORG link : CVE-2021-34947

JSON object : View

Products Affected

netgear

wnr2000v5
ex8000
ex6100
rbr50_firmware
ex6420_firmware
r6700ax_firmware
rbr10
r8900_firmware
ex6250
rbs10
ex6410
rax120
ex6500v1_firmware
ex7300v2
rbr40
r7800
rbr20
ex6400_firmware
lbr20
r8900
ex7300
ex6420
rbr40_firmware
lbr20_firmware
ex8000_firmware
ex7300_firmware
rax120_firmware
rbs50y_firmware
d7800
xr700_firmware
rax70_firmware
rbs50
ex6150
rbs40_firmware
ex6150_firmware
xr450_firmware
xr500_firmware
ex6400
rax120v2
rbs40
lbr1020_firmware
rax70
lbr1020
ex6400v2
ex7320
ex6200_firmware
rax78_firmware
ex7300v2_firmware
rbs50_firmware
ex7700_firmware
wn3000rpv2_firmware
r9000
rbs10_firmware
rax10
xr700
ex6100_firmware
ex7700
rbs50y
rbr20_firmware
ex6500v1
xr450
rbs20_firmware
ex7320_firmware
ex6400v2_firmware
rax78
wn3000rpv2
ex6410_firmware
ex2700_firmware
r6700ax
rbr50
wnr2000v5_firmware
r7800_firmware
d7800_firmware
ex6200
rbr10_firmware
ex6250_firmware
rax10_firmware
rax120v2_firmware
rbs20
xr500
ex2700
r9000_firmware

CWE

CWE-787

Out-of-bounds Write

8.8 /10