Rewterz Threat Advisory – Microsoft Remote Desktop Web Access information disclosure
March 1, 2021
Rewterz Threat Alert – Group 21 Targeting South Asia
March 1, 2021
Severity
High
Analysis Summary
CVE-2021-27257
NETGEAR R7800 devices could allow a remote attacker to execute arbitrary code on the system, caused by improper validation of the certificate presented by the server. By sending a specially crafted request, an attacker could exploit this vulnerability to download files via FTP and execute arbitrary code in the context of root.
CVE-2021-27256
NETGEAR R7800 devices could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the handling of the rc_service parameter provided to apply_save.cgi. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of root.
Impact
Gain Access
Affected Vendors
NETGEAR
Affected Products
NETGEAR R7800 1.0.2
Remediation
Refer to the NETGEAR Security Advisory for patch, upgrade, or suggested workaround information.