D7800 Firmware
CVE-2021-45608
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Remote code execution from the WAN interface (TCP port 20005) cannot be ruled out; however, exploitability was judged to be of "rather significant complexity" but not "impossible." The overflow is in SoftwareBus_dispatchNormalEPMsgOut in the KCodes NetUSB kernel module. Affected NETGEAR devices are D7800 before 1.0.1.68, R6400v2 before 1.0.4.122, and R6700v3 before 1.0.4.122.
AnalysisAI
Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Remote code execution from the WAN interface (TCP port 20005) cannot be ruled out; however, exploitability was judged to be of "rather significant complexity" but not "impossible." The overflow is in SoftwareBus_dispatchNormalEPMsgOut in the KCodes NetUSB kernel module. Affected NETGEAR devices are D7800 before 1.0.1.68, R6400v2 before 1.0.4.122, and R6700v3 before 1.0.4.122. Affected products include: Netgear D7800 Firmware, Netgear R6400V2 Firmware, Netgear R6700V3 Firmware. Version information: before 1.0.1.68.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.
More in D7800 Firmware
View allCertain NETGEAR devices are affected by server-side injection. Rated critical severity (CVSS 9.8), this vulnerability is
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS
Certain NETGEAR devices are affected by lack of access control at the function level. Rated critical severity (CVSS 9.8)
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. Rated critical sev
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS
Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.4)
Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated high severity (CVSS 8.8), th
Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 8.8), this
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nigh
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R780
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nigh
Same weakness CWE-190 – Integer Overflow or Wraparound
View allShare
External POC / Exploit Code
Leaving vuln.today