silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,172
Networking equipment company Netgear has released yet another round of patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system.
Tracked as CVE-2021-34991 (CVSS score: 8.8), the pre-authentication buffer overflow flaw in small office and home office (SOHO) routers can lead to code execution with the highest privileges by taking advantage of an issue residing in the Universal Plug and Play (UPnP) feature that allows devices to discover each other's presence on the same local network and open ports needed to connect to the public Internet.
Because of its ubiquitous nature, UPnP is used by a wide variety of devices, including personal computers, networking equipment, video game consoles and internet of things (IoT) devices.
Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models
A critical pre-authentication RCE as root vulnerability affects several models of Netgear SOHO routers.
thehackernews.com