CVE-2021-34980 – This vulnerability allows network-adjacent attackers to execute arbitrary code on affected …

13 January 2022

Vuln ID: CVE-2021-34980

Published: 2022-01-13 22:15:12Z

Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. When parsing the SOAP_LOGIN_TOKEN environment variable, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14107.

Source: NVD.NIST.GOV

Date:

13 January 2022

Categorie(s):

NVD

Tag(s):

NVD

Ten years of Heartbleed: Lessons learned29 April 2024
Grafana Tool Vulnerability Let Attackers Inject SQL Queries29 April 2024
France willing to buy key Atos assets to keep them French29 April 2024
Voter Registration System Taken Offline in Coffee County Cyber-Incident29 April 2024
Hackers Tool 29 Days from Initial Hack to Sabotage Ransomware Attack29 April 2024