NETGEAR Multiple Routers mini_httpd Authentication Bypass Vulnerability [CVE-2021-34865]

CVE number = CVE-2021-34865

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.

NETGEAR has released fixes for an authentication bypass security vulnerability on the following product models:

• AC2100
• AC2400
• AC2600
• D7000v1
• R6220
• R6230
• R6260
• R6330
• R6350
• R6700v2
• R6800
• R6850
• R6900v2
• R7200
• R7350
• R7400
• R7450

NETGEAR strongly recommends that you download the latest firmware as soon as possible. Firmware fixes are currently available for all affected products:

• AC2100 fixed in firmware version 1.2.0.88
• AC2400 fixed in firmware version 1.2.0.88
• AC2600 fixed in firmware version 1.2.0.88
• D7000v1 fixed in firmware version 1.0.1.80
• R6220 fixed in firmware version 1.1.0.110
• R6230 fixed in firmware version 1.1.0.110
• R6260 fixed in firmware version 1.1.0.84
• R6330 fixed in firmware version 1.1.0.84
• R6350 fixed in firmware version 1.1.0.84
• R6700v2 fixed in firmware version 1.2.0.88
• R6800 fixed in firmware version 1.2.0.88
• R6850 fixed in firmware version 1.1.0.84
• R6900v2 fixed in firmware version 1.2.0.88
• R7200 fixed in firmware version 1.2.0.88
• R7350 fixed in firmware version 1.2.0.88
• R7400 fixed in firmware version 1.2.0.88
• R7450 fixed in firmware version 1.2.0.88

NETGEAR has issued an update to correct this vulnerability. More details can be found at:
https://kb.netgear.com/000063955/Security-Advisory-for-Authentication-Bypass-Vulnerability-on-Some-Routers-PSV-2021-0083?article=000063955