CVE-2021-34982

Q: What is the severity of CVE-2021-34982?

CVE-2021-34982 has a CVSS score of 8.8 (HIGH). This is a critical stack-based buffer overflow vulnerability in NETGEAR routers' httpd service that allows network-adjacent attackers to execute arbitrary code as root without authentication. It affects multiple NETGEAR router models when parsing strings files. Attackers on the same network can exploit this to gain complete control of affected devices.

8.8 HIGH

Remote Code Execution Buffer Overflow

📋 TL;DR

This is a critical stack-based buffer overflow vulnerability in NETGEAR routers' httpd service that allows network-adjacent attackers to execute arbitrary code as root without authentication. It affects multiple NETGEAR router models when parsing strings files. Attackers on the same network can exploit this to gain complete control of affected devices.

💻 Affected Systems

Products:

NETGEAR R6400v2
NETGEAR R6700
NETGEAR R6700v3
NETGEAR R6900P
NETGEAR R7000
NETGEAR R7000P
NETGEAR R7850
NETGEAR R7900
NETGEAR R8000
NETGEAR RS400

Versions: Firmware versions prior to 1.0.4.120

Operating Systems: Embedded Linux on NETGEAR routers

Default Config Vulnerable: ⚠️ Yes

Notes: Affects both routers and extenders. HTTP service enabled by default on port 80. No authentication required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of router with root privileges, allowing attacker to intercept/modify all network traffic, install persistent malware, pivot to internal network, and disable security features.

🟠

Likely Case

Router takeover leading to DNS hijacking, credential theft, man-in-the-middle attacks, and botnet recruitment.

🟢

If Mitigated

Limited to denial of service if exploit fails or if network segmentation prevents access to vulnerable devices.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit code is publicly available. ZDI published technical details. Attack requires network adjacency but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware version 1.0.4.120 or later

Vendor Advisory: https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159

Restart Required: Yes

Instructions:

1. Log into router admin interface. 2. Navigate to Advanced > Administration > Firmware Update. 3. Check for updates. 4. Download and install firmware version 1.0.4.120 or later. 5. Reboot router after update completes.

🔧 Temporary Workarounds

Disable remote administration

all

Prevents external access to router's web interface

Network segmentation

all

Isolate vulnerable routers on separate VLANs

🧯 If You Can't Patch

Replace affected hardware with patched or different vendor equipment
Implement strict network access controls to limit who can reach router management interfaces

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under Advanced > Administration > Firmware Update

Check Version:

curl -s http://router-ip/currentsetting.htm | grep firmware

Verify Fix Applied:

Confirm firmware version is 1.0.4.120 or later in router admin interface

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP requests to router on port 80
Multiple failed exploit attempts in httpd logs
Router reboot events after suspicious activity

Network Indicators:

Unusual outbound connections from router
DNS queries to suspicious domains from router
HTTP traffic patterns matching known exploit payloads

SIEM Query:

source="router_logs" AND (http_status=200 AND uri CONTAINS "strings" AND content_length>1000) OR (process="httpd" AND event="segmentation_fault")

📊 Metadata

CVE ID: CVE-2021-34982

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: May 7, 2024

Last Updated: August 14, 2025

🔗 References

https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1274/ Third Party Advisory
https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1274/ Third Party Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

D6220 Firmware by Netgear

D6400 Firmware by Netgear

D7000v2 Firmware by Netgear

Dc112a Firmware by Netgear

Dgn2200v4 Firmware by Netgear

Ex3700 Firmware by Netgear

Ex3800 Firmware by Netgear

Ex6120 Firmware by Netgear

Ex6130 Firmware by Netgear

Ex7000 Firmware by Netgear

Ex7500 Firmware by Netgear

Lax20 Firmware by Netgear

Mr60 Firmware by Netgear

Mr80 Firmware by Netgear

Ms60 Firmware by Netgear

Ms80 Firmware by Netgear

R6400 Firmware by Netgear

R6400v2 Firmware by Netgear

R6700v3 Firmware by Netgear

R6900p Firmware by Netgear

R7000 Firmware by Netgear

R7000p Firmware by Netgear

R7100lg Firmware by Netgear

R7850 Firmware by Netgear

R7900p Firmware by Netgear

R7960p Firmware by Netgear

R8000 Firmware by Netgear

R8000p Firmware by Netgear

R8300 Firmware by Netgear

R8500 Firmware by Netgear

Rax15 Firmware by Netgear

Rax20 Firmware by Netgear

Rax200 Firmware by Netgear

Rax35v2 Firmware by Netgear

Rax38v2 Firmware by Netgear

Rax40v2 Firmware by Netgear

Rax42 Firmware by Netgear

Rax43 Firmware by Netgear

Rax45 Firmware by Netgear

Rax48 Firmware by Netgear

Rax50 Firmware by Netgear

Rax50s Firmware by Netgear

Rax75 Firmware by Netgear

Rax80 Firmware by Netgear

Raxe450 Firmware by Netgear

Raxe500 Firmware by Netgear

Rs400 Firmware by Netgear

V6510 1fxaus Firmware by Netgear

Wndr3400v3 Firmware by Netgear

Wnr3500lv2 Firmware by Netgear

Xr1000 Firmware by Netgear

Xr300 Firmware by Netgear