CVE-2021-34947

Q: What is the severity of CVE-2021-34947?

CVE-2021-34947 has a CVSS score of 8.8 (HIGH). This is a critical remote code execution vulnerability in NETGEAR R7800 routers that allows network-adjacent attackers to execute arbitrary code as root without authentication. The vulnerability exists in the net-cgi component's parsing of soap_block_table files due to improper input validation leading to an out-of-bounds write. All users with affected NETGEAR R7800 routers are at risk.

8.8 HIGH

Remote Code Execution Buffer Overflow

📋 TL;DR

This is a critical remote code execution vulnerability in NETGEAR R7800 routers that allows network-adjacent attackers to execute arbitrary code as root without authentication. The vulnerability exists in the net-cgi component's parsing of soap_block_table files due to improper input validation leading to an out-of-bounds write. All users with affected NETGEAR R7800 routers are at risk.

💻 Affected Systems

Products:

NETGEAR R7800

Versions: Firmware versions prior to 1.0.2.84

Operating Systems: Embedded Linux-based firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the router with root-level code execution, allowing attackers to intercept traffic, modify DNS settings, install persistent malware, pivot to internal networks, or brick the device.

🟠

Likely Case

Router takeover leading to man-in-the-middle attacks, credential theft, network surveillance, and potential lateral movement to connected devices.

🟢

If Mitigated

Limited impact if router is isolated from untrusted networks, though still vulnerable to compromised devices on the same network segment.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires network adjacency but no authentication. The vulnerability is well-documented in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware version 1.0.2.84 or later

Vendor Advisory: https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129

Restart Required: Yes

Instructions:

1. Log into router admin interface. 2. Navigate to Advanced > Administration > Firmware Update. 3. Check for updates or manually download firmware 1.0.2.84+. 4. Upload and install the update. 5. Router will reboot automatically.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate the router from untrusted devices by placing it on a separate VLAN or network segment

Disable Unnecessary Services

all

Disable remote administration and any unnecessary network services if not required

🧯 If You Can't Patch

Replace the router with a patched model or different vendor
Implement strict network access controls to limit which devices can communicate with the router

🔍 How to Verify

Check if Vulnerable:

Check current firmware version in router admin interface under Advanced > Administration > Firmware Update

Check Version:

Not applicable - check via web interface

Verify Fix Applied:

Verify firmware version is 1.0.2.84 or higher in the router admin interface

📡 Detection & Monitoring

Log Indicators:

Unusual SOAP requests to router management interface
Multiple failed exploit attempts
Unexpected process execution

Network Indicators:

Unusual traffic patterns to router management ports
Exploit-specific payloads in network traffic

SIEM Query:

source="router_logs" AND (soap_block_table OR net-cgi) AND (buffer_overflow OR out_of_bounds)

📊 Metadata

CVE ID: CVE-2021-34947

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: May 7, 2024

Last Updated: August 14, 2025

🔗 References

https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129 Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1116/ Third Party Advisory
https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129 Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1116/ Third Party Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

D7800 Firmware by Netgear

Ex2700 Firmware by Netgear

Ex6100 Firmware by Netgear

Ex6150 Firmware by Netgear

Ex6200 Firmware by Netgear

Ex6250 Firmware by Netgear

Ex6400 Firmware by Netgear

Ex6400v2 Firmware by Netgear

Ex6410 Firmware by Netgear

Ex6420 Firmware by Netgear

Ex6500v1 Firmware by Netgear

Ex7300 Firmware by Netgear

Ex7300v2 Firmware by Netgear

Ex7320 Firmware by Netgear

Ex7700 Firmware by Netgear

Ex8000 Firmware by Netgear

Lbr1020 Firmware by Netgear

Lbr20 Firmware by Netgear

R6700ax Firmware by Netgear

R7800 Firmware by Netgear

R8900 Firmware by Netgear

R9000 Firmware by Netgear

Rax10 Firmware by Netgear

Rax120 Firmware by Netgear

Rax120v2 Firmware by Netgear

Rax70 Firmware by Netgear

Rax78 Firmware by Netgear

Rbr10 Firmware by Netgear

Rbr20 Firmware by Netgear

Rbr40 Firmware by Netgear

Rbr50 Firmware by Netgear

Rbs10 Firmware by Netgear

Rbs20 Firmware by Netgear

Rbs40 Firmware by Netgear

Rbs50 Firmware by Netgear

Rbs50y Firmware by Netgear

Wn3000rpv2 Firmware by Netgear

Wnr2000v5 Firmware by Netgear

Xr450 Firmware by Netgear

Xr500 Firmware by Netgear

Xr700 Firmware by Netgear