How severe is CVE-2021-27255?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2021-27255?

This is classified as CWE-306, which is a common weakness in software security.

CVE-2021-27255 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360.

Related Vulnerabilities

CVE-2017-12155

MEDIUM

CVSS:6.3(Medium)

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could rea...

CWE-3062017

CVE-2021-21472

MEDIUM

CVSS:6.3(Medium)

SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set password during its installation, this allows an authenticated attacker to perfor...

CWE-3062021

CVE-2021-26278

MEDIUM

CVSS:6.3(Medium)

The wifi module exposes the interface and has improper permission control, leaking sensitive information about the device.

CWE-3062021

CVE-2022-48621

MEDIUM

CVSS:6.3(Medium)

Vulnerability of missing authentication for critical functions in the Wi-Fi module.Successful exploitation of this vulnerability may affect service confidentiality.

CWE-3062022

CVE-2024-22326

MEDIUM

CVSS:6.3(Medium)

IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to...

CWE-3062024

CVE-2024-39364

HIGH

CVSS:6.3(Medium)

Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execu...

CWE-3062024