CVE-2021-45650

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RS400 before 1.5.1.80, R6400v2 before 1.0.4.102, R7000P before 1.3.2.126, R6700v3 before 1.0.4.102, and R6900P before 1.3.2.126.

CVSS v3 9.1 CRITICAL
CVSS v2.0 5.0 MEDIUM

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://kb.netgear.com/000064459/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-PSV-2020-0117	Patch Vendor Advisory
https://kb.netgear.com/000064459/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-PSV-2020-0117	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6700v3:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:32

Type	Values Removed	Values Added
CVSS	v2 : ~~5.0~~ v3 : ~~7.5~~	v2 : 5.0 v3 : 9.1
References	~~() https://kb.netgear.com/000064459/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-PSV-2020-0117 - Patch, Vendor Advisory~~	() https://kb.netgear.com/000064459/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-PSV-2020-0117 - Patch, Vendor Advisory

Information

Published : 2021-12-26 01:15

Updated : 2024-11-21 06:32

NVD link : CVE-2021-45650

Mitre link : CVE-2021-45650

CVE.ORG link : CVE-2021-45650

JSON object : View

Products Affected

netgear

rs400
r6400v2_firmware
r6700v3
r7000
r6900p
r7900
rs400_firmware
r8000_firmware
r6900p_firmware
r7900_firmware
r7000p
r6700v3_firmware
r7000p_firmware
r8000
r7000_firmware
r6400v2

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

9.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-45650

9.1^/10

5.0^/10

Attach tags to `CVE-2021-45650`