CVE-2021-45650

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RS400 before 1.5.1.80, R6400v2 before 1.0.4.102, R7000P before 1.3.2.126, R6700v3 before 1.0.4.102, and R6900P before 1.3.2.126.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://kb.netgear.com/000064459/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-PSV-2020-0117	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6700v3:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*

History

06 Jan 2022, 15:55

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.0 v3 : 7.5
CWE		CWE-200
CPE		cpe:2.3:h:netgear:r8000:-:::::::* cpe:2.3:o:netgear:r7000p_firmware:::::::: cpe:2.3:h:netgear:r6700v3:-:::::::* cpe:2.3:o:netgear:r6400v2_firmware:::::::: cpe:2.3:o:netgear:r8000_firmware:::::::: cpe:2.3:h:netgear:r6400v2:-:::::::* cpe:2.3:h:netgear:r7000:-:::::::* cpe:2.3:h:netgear:r7900:-:::::::* cpe:2.3:o:netgear:r7900_firmware:::::::: cpe:2.3:h:netgear:r7000p:-:::::::* cpe:2.3:o:netgear:r6700v3_firmware:::::::: cpe:2.3:h:netgear:r6900p:-:::::::* cpe:2.3:o:netgear:r7000_firmware:::::::: cpe:2.3:o:netgear:rs400_firmware:::::::: cpe:2.3:o:netgear:r6900p_firmware:::::::: cpe:2.3:h:netgear:rs400:-:::::::*
References	~~(MISC) https://kb.netgear.com/000064459/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-PSV-2020-0117 -~~	(MISC) https://kb.netgear.com/000064459/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-PSV-2020-0117 - Patch, Vendor Advisory

26 Dec 2021, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-12-26 01:15

Updated : 2024-02-04 22:08

NVD link : CVE-2021-45650

Mitre link : CVE-2021-45650

CVE.ORG link : CVE-2021-45650

JSON object : View

Products Affected

netgear

rs400
r6400v2_firmware
r7900
r7900_firmware
r8000_firmware
r7000p
r6700v3
r6900p
rs400_firmware
r7000_firmware
r6700v3_firmware
r7000p_firmware
r6900p_firmware
r6400v2
r8000
r7000

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-45650

7.5^/10

5.0^/10

Attach tags to `CVE-2021-45650`