Severity

High

Analysis Summary

CVE-2021-40847

Multiple NETGEAR routers could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the update process of the Circle Parental Control Service. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

• Code Execution

Affected Vendors

• NETGEAR

Affected Products

• Netgear R6700
• Netgear R6900
• NETGEAR R7000P
• NETGEAR R8000
• NETGEAR R6400v2
• NETGEAR R6700v3
• NETGEAR R7000
• NETGEAR R7850
• NETGEAR R7900
• NETGEAR RS400
• NETGEAR R6900P

Remediation

Refer to NETGEAR Security Advisory for patch, upgrade or suggested workaround information.