CVE-2021-45527 - Vulnerability Details

Description

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.68, D6400 before 1.0.0.102, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.54, EX7000 before 1.0.1.94, EX7500 before 1.0.0.72, R6250 before 1.0.4.48, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.102, R6700v3 before 1.0.4.102, R7000 before 1.0.11.116, R7100LG before 1.0.0.64, R7850 before 1.0.5.68, R7900 before 1.0.4.30, R7960P before 1.4.1.68, R8000 before 1.0.4.52, RAX200 before 1.0.2.88, RBS40V before 2.6.2.4, RS400 before 1.5.1.80, XR300 before 1.0.3.56, R7000P before 1.3.2.124, R8000P before 1.4.1.68, R8500 before 1.0.2.144, RAX80 before 1.0.3.102, R6900P before 1.3.2.124, R7900P before 1.4.1.68, R8300 before 1.0.2.144, RAX75 before 1.0.3.102, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, and RBK852 before 3.2.17.12.

Published: 2021-12-26

Score: 9.6 Critical

EPSS: 1.2% Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netgear:d7000v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d7000v2:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netgear:dc112a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:netgear:ex7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex7000:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:netgear:ex7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex7500:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:netgear:r6300v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6300v2:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6700v3:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:netgear:rbs40v_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs40v:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2021-32293	Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.68, D6400 before 1.0.0.102, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.54, EX7000 before 1.0.1.94, EX7500 before 1.0.0.72, R6250 before 1.0.4.48, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.102, R6700v3 before 1.0.4.102, R7000 before 1.0.11.116, R7100LG before 1.0.0.64, R7850 before 1.0.5.68, R7900 before 1.0.4.30, R7960P before 1.4.1.68, R8000 before 1.0.4.52, RAX200 before 1.0.2.88, RBS40V before 2.6.2.4, RS400 before 1.5.1.80, XR300 before 1.0.3.56, R7000P before 1.3.2.124, R8000P before 1.4.1.68, R8500 before 1.0.2.144, RAX80 before 1.0.3.102, R6900P before 1.3.2.124, R7900P before 1.4.1.68, R8300 before 1.0.2.144, RAX75 before 1.0.3.102, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, and RBK852 before 3.2.17.12.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.01241.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://kb.netgear.com/000064493/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0437

History

No history.

Subscriptions

Netgear D6220 D6220 Firmware D6400 D6400 Firmware D7000v2 D7000v2 Firmware D8500 D8500 Firmware Dc112a Dc112a Firmware Ex7000 Ex7000 Firmware Ex7500 Ex7500 Firmware R6250 R6250 Firmware R6300v2 R6300v2 Firmware R6400 R6400 Firmware R6400v2 R6400v2 Firmware R6700v3 R6700v3 Firmware R6900p R6900p Firmware R7000 R7000 Firmware R7000p R7000p Firmware R7100lg R7100lg Firmware R7850 R7850 Firmware R7900 R7900 Firmware R7900p R7900p Firmware R7960p R7960p Firmware R8000 R8000 Firmware R8000p R8000p Firmware R8300 R8300 Firmware R8500 R8500 Firmware Rax200 Rax200 Firmware Rax75 Rax75 Firmware Rax80 Rax80 Firmware Rbk752 Rbk752 Firmware Rbk852 Rbk852 Firmware Rbr750 Rbr750 Firmware Rbr850 Rbr850 Firmware Rbs40v Rbs40v Firmware Rbs750 Rbs750 Firmware Rbs850 Rbs850 Firmware Rs400 Rs400 Firmware Xr300 Xr300 Firmware

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-26T00:58:02.000Z

Updated: 2024-08-04T04:39:21.497Z

Reserved: 2021-12-25T00:00:00.000Z

Link: CVE-2021-45527

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-12-26T01:15:14.207

Modified: 2024-11-21T06:32:25.610

Link: CVE-2021-45527

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-120

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object