Lucene search

MitreCVE-2021-29068

HistoryMar 23, 2021 - 7:15 a.m.

CVE-2021-29068

2021-03-2307:15:13

CWE-120

mitre

web.nvd.nist.gov

cve-2021-29068

netgear

buffer overflow

authenticated user

nvd

security vulnerability

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

40.5%

JSON

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400 before 1.5.0.48, R6400 before 1.0.1.62, R6700 before 1.0.2.16, R6900 before 1.0.2.16, MK60 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, CBR40 before 2.5.0.10, R8000P before 1.4.1.62, R7960P before 1.4.1.62, R7900P before 1.4.1.62, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, EX7500 before 1.0.0.68, EAX80 before 1.0.1.62, EAX20 before 1.0.0.36, RBK752 before 3.2.16.6, RBK753 before 3.2.16.6, RBK753S before 3.2.16.6, RBK754 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBK853 before 3.2.16.6, RBK854 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6850 before 1.1.0.76, R6350 before 1.1.0.76, R6330 before 1.1.0.76, D7800 before 1.0.1.58, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK23 before 2.6.1.36, RBR20 before 2.6.1.38, RBS20 before 2.6.1.38, RBK12 before 2.6.1.44, RBK13 before 2.6.1.44, RBK14 before 2.6.1.44, RBK15 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, R6800 before 1.2.0.72, R6900v2 before 1.2.0.72, R6700v2 before 1.2.0.72, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, R7800 before 1.0.2.74, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.34, and XR300 before 1.0.3.50.

Affected configurations

Nvd

Node

netgearr6700_firmwareRange<1.0.4.98

AND

netgearr6700Matchv3

Node

netgearr6400_firmwareRange<1.0.4.98

AND

netgearr6400Matchv2

Node

netgearr7000_firmwareRange<1.0.11.106

AND

netgearr7000

Node

netgearr6900p_firmwareRange<1.3.2.124

AND

netgearr6900p

Node

netgearr7000p_firmwareRange<1.3.2.124

AND

netgearr7000p

Node

netgearr7900_firmwareRange<1.0.4.26

AND

netgearr7900

Node

netgearr7850_firmwareRange<1.0.5.60

AND

netgearr7850

Node

netgearr8000_firmwareRange<1.0.4.58

AND

netgearr8000

Node

netgearrs400_firmwareRange<1.5.0.48

AND

netgearrs400

Node

netgearr6400_firmwareRange<1.0.1.62

AND

netgearr6400

Node

netgearr6700_firmwareRange<1.0.2.16

AND

netgearr6700

Node

netgearr6900_firmwareRange<1.0.2.16

AND

netgearr6900

Node

netgearmk60_firmwareRange<1.0.5.102

AND

netgearmk60

Node

netgearmr60_firmwareRange<1.0.5.102

AND

netgearmr60

Node

netgearms60_firmwareRange<1.0.5.102

AND

netgearms60

Node

netgearcbr40_firmwareRange<2.5.0.10

AND

netgearcbr40

Node

netgearr8000p_firmwareRange<1.4.1.62

AND

netgearr8000p

Node

netgearr7960p_firmwareRange<1.4.1.62

AND

netgearr7960p

Node

netgearr7900p_firmwareRange<1.4.1.62

AND

netgearr7900p

Node

netgearrax15_firmwareRange<1.0.1.64

AND

netgearrax15

Node

netgearrax20_firmwareRange<1.0.1.64

AND

netgearrax20

Node

netgearrax75_firmwareRange<1.0.3.102

AND

netgearrax75

Node

netgearrax80_firmwareRange<1.0.3.102

AND

netgearrax80

Node

netgearrax200_firmwareRange<1.0.2.102

AND

netgearrax200

Node

netgearrax45_firmwareRange<1.0.2.64

AND

netgearrax45

Node

netgearrax50_firmwareRange<1.0.2.64

AND

netgearrax50

Node

netgearex7500_firmwareRange<1.0.0.68

AND

netgearex7500

Node

netgeareax80_firmwareRange<1.0.1.62

AND

netgeareax80

Node

netgeareax20_firmwareRange<1.0.0.36

AND

netgeareax20

Node

netgearrbk752_firmwareRange<3.2.16.6

AND

netgearrbk752

Node

netgearrbk753_firmwareRange<3.2.16.6

AND

netgearrbk753

Node

netgearrbk753s_firmwareRange<3.2.16.6

AND

netgearrbk753s

Node

netgearrbk754_firmwareRange<3.2.16.6

AND

netgearrbk754

Node

netgearrbr750_firmwareRange<3.2.16.6

AND

netgearrbr750

Node

netgearrbs750_firmwareRange<3.2.16.6

AND

netgearrbs750

Node

netgearrbk852_firmwareRange<3.2.16.6

AND

netgearrbk852

Node

netgearrbk853_firmwareRange<3.2.16.6

AND

netgearrbk853

Node

netgearrbk854_firmwareRange<3.2.16.6

AND

netgearrbk854

Node

netgearrbr850_firmwareRange<3.2.16.6

AND

netgearrbr850

Node

netgearrbs850_firmwareRange<3.2.16.6

AND

netgearrbs850

Node

netgearrbk842_firmwareRange<3.2.16.6

AND

netgearrbk842

Node

netgearrbr840_firmwareRange<3.2.16.6

AND

netgearrbr840

Node

netgearrbs840_firmwareRange<3.2.16.6

AND

netgearrbs840

Node

netgearr6120_firmwareRange<1.0.0.70

AND

netgearr6120

Node

netgearr6220_firmwareRange<1.0.0.70

AND

netgearr6220

Node

netgearr6230_firmwareRange<1.0.0.70

AND

netgearr6230

Node

netgearr6260_firmwareRange<1.1.0.76

AND

netgearr6260

Node

netgearr6850_firmwareRange<1.1.0.76

AND

netgearr6850

Node

netgearr6350_firmwareRange<1.1.0.76

AND

netgearr6350

Node

netgearr6330_firmwareRange<1.1.0.76

AND

netgearr6330

Node

netgeard7800_firmwareRange<1.0.1.58

AND

netgeard7800

Node

netgearrbk50_firmwareRange<2.6.1.40

AND

netgearrbk50

Node

netgearrbr50_firmwareRange<2.6.1.40

AND

netgearrbr50

Node

netgearrbs50_firmwareRange<2.6.1.40

AND

netgearrbs50

Node

netgearrbk40_firmwareRange<2.6.1.36

AND

netgearrbk40

Node

netgearrbr40_firmwareRange<2.6.1.36

AND

netgearrbr40

Node

netgearrbs40_firmwareRange<2.6.1.38

AND

netgearrbs40

Node

netgearrbk23_firmwareRange<2.6.1.36

AND

netgearrbk23

Node

netgearrbr20_firmwareRange<2.6.1.38

AND

netgearrbr20

Node

netgearrbs20_firmwareRange<2.6.1.38

AND

netgearrbs20

Node

netgearrbk12_firmwareRange<2.6.1.44

AND

netgearrbk12

Node

netgearrbk13_firmwareRange<2.6.1.44

AND

netgearrbk13

Node

netgearrbk14_firmwareRange<2.6.1.44

AND

netgearrbk14

Node

netgearrbk15_firmwareRange<2.6.1.44

AND

netgearrbk15

Node

netgearrbr10_firmwareRange<2.6.1.44

AND

netgearrbr10

Node

netgearrbs10_firmwareRange<2.6.1.44

AND

netgearrbs10

Node

netgearr6800_firmwareRange<1.2.0.72

AND

netgearr6800

Node

netgearr6900_firmwareRange<1.2.0.72

AND

netgearr6900Matchv2

Node

netgearr6700_firmwareRange<1.2.0.72

AND

netgearr6700Matchv2

Node

netgearr7200_firmwareRange<1.2.0.72

AND

netgearr7200

Node

netgearr7350_firmwareRange<1.2.0.72

AND

netgearr7350

Node

netgearr7400_firmwareRange<1.2.0.72

AND

netgearr7400

Node

netgearr7450_firmwareRange<1.2.0.72

AND

netgearr7450

Node

netgearac2100_firmwareRange<1.2.0.72

AND

netgearac2100

Node

netgearac2400_firmwareRange<1.2.0.72

AND

netgearac2400

Node

netgearac2600_firmwareRange<1.2.0.72

AND

netgearac2600

Node

netgearr7800_firmwareRange<1.0.2.74

AND

netgearr7800

Node

netgearr8900_firmwareRange<1.0.5.24

AND

netgearr8900

Node

netgearr9000_firmwareRange<1.0.5.24

AND

netgearr9000

Node

netgearrax120_firmwareRange<1.0.1.136

AND

netgearrax120

Node

netgearxr450_firmwareRange<2.3.2.66

AND

netgearxr450

Node

netgearxr500_firmwareRange<2.3.2.66

AND

netgearxr500

Node

netgearxr700_firmwareRange<1.0.1.34

AND

netgearxr700

Node

netgearxr300_firmwareRange<1.0.3.50

AND

netgearxr300

VendorProductVersionCPE
netgearr6700_firmware*cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
netgearr6700v3cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*
netgearr6400_firmware*cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*
netgearr6400v2cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*
netgearr7000_firmware*cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
netgearr7000*cpe:2.3:h:netgear:r7000:*:*:*:*:*:*:*:*
netgearr6900p_firmware*cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*
netgearr6900p*cpe:2.3:h:netgear:r6900p:*:*:*:*:*:*:*:*
netgearr7000p_firmware*cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*
netgearr7000p*cpe:2.3:h:netgear:r7000p:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	r6700_firmware	*	cpe:2.3:o:netgear:r6700_firmware::::::::
netgear	r6700	v3	cpe:2.3:h:netgear:r6700:v3:::::::*
netgear	r6400_firmware	*	cpe:2.3:o:netgear:r6400_firmware::::::::
netgear	r6400	v2	cpe:2.3:h:netgear:r6400:v2:::::::*
netgear	r7000_firmware	*	cpe:2.3:o:netgear:r7000_firmware::::::::
netgear	r7000	*	cpe:2.3:h:netgear:r7000::::::::
netgear	r6900p_firmware	*	cpe:2.3:o:netgear:r6900p_firmware::::::::
netgear	r6900p	*	cpe:2.3:h:netgear:r6900p::::::::
netgear	r7000p_firmware	*	cpe:2.3:o:netgear:r7000p_firmware::::::::
netgear	r7000p	*	cpe:2.3:h:netgear:r7000p::::::::

Rows per page:

1-10 of 1641

References

kb.netgear.com/000063021/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0155

Social References

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

40.5%

JSON

Related for CVE-2021-29068