module
Netgear R7000 backup.cgi Heap Overflow RCE
| Disclosed |
|---|
| Apr 21, 2021 |
Disclosed
Apr 21, 2021
Description
This module exploits a heap buffer overflow in the genie.cgi?backup.cgi
page of Netgear R7000 routers running firmware version 1.0.11.116.
Successful exploitation results in unauthenticated attackers gaining
code execution as the root user.
The exploit utilizes these privileges to enable the telnet server
which allows attackers to connect to the target and execute commands
as the admin user from within a BusyBox shell. Users can connect to
this telnet server by running the command "telnet *target IP*".
page of Netgear R7000 routers running firmware version 1.0.11.116.
Successful exploitation results in unauthenticated attackers gaining
code execution as the root user.
The exploit utilizes these privileges to enable the telnet server
which allows attackers to connect to the target and execute commands
as the admin user from within a BusyBox shell. Users can connect to
this telnet server by running the command "telnet *target IP*".
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.