Lucene search

[email protected]CVE-2021-45501

HistoryDec 26, 2021 - 1:15 a.m.

CVE-2021-45501

2021-12-2601:15:12

[email protected]

web.nvd.nist.gov

cve-2021-45501

netgear

authentication bypass

security vulnerability

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

57.3%

JSON

Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 before 1.1.0.84, D7000 before 1.0.1.82, R6020 before 1.0.0.52, R6080 before 1.0.0.52, R6120 before 1.0.0.80, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.1.0.84, R6800 before 1.1.0.84, R6850 before 1.1.0.84, R6900v2 before 1.1.0.84, R7200 before 1.1.0.84, R7350 before 1.1.0.84, R7400 before 1.1.0.84, and R7450 before 1.1.0.84.

Affected configurations

NVD

Node

netgearac2400_firmwareRange<1.1.0.84

AND

netgearac2400Match-

Node

netgearac2600_firmwareRange<1.1.0.84

AND

netgearac2600Match-

Node

netgeard7000_firmwareRange<1.0.1.82

AND

netgeard7000Match-

Node

netgearr6020_firmwareRange<1.0.0.52

AND

netgearr6020Match-

Node

netgearr6080_firmwareRange<1.0.0.52

AND

netgearr6080Match-

Node

netgearr6120_firmwareRange<1.0.0.80

AND

netgearr6120Match-

Node

netgearr6220_firmwareRange<1.1.0.110

AND

netgearr6220Match-

Node

netgearr6230_firmwareRange<1.1.0.110

AND

netgearr6230Match-

Node

netgearr6260_firmwareRange<1.1.0.84

AND

netgearr6260Match-

Node

netgearr6330_firmwareRange<1.1.0.84

AND

netgearr6330Match-

Node

netgearr6350_firmwareRange<1.1.0.84

AND

netgearr6350Match-

Node

netgearr6700v2_firmwareRange<1.1.0.84

AND

netgearr6700v2Match-

Node

netgearr6800_firmwareRange<1.1.0.84

AND

netgearr6800Match-

Node

netgearr6850_firmwareRange<1.1.0.84

AND

netgearr6850Match-

Node

netgearr6900v2_firmwareRange<1.1.0.84

AND

netgearr6900v2Match-

Node

netgearr7200_firmwareRange<1.1.0.84

AND

netgearr7200Match-

Node

netgearr7350_firmwareRange<1.1.0.84

AND

netgearr7350Match-

Node

netgearr7400_firmwareRange<1.1.0.84

AND

netgearr7400Match-

Node

netgearr7450_firmwareRange<1.1.0.84

AND

netgearr7450Match-

CPENameOperatorVersion
netgear:ac2400_firmwarenetgear ac2400 firmwarelt1.1.0.84

CPE	Name	Operator	Version
netgear:ac2400_firmware	netgear ac2400 firmware	lt	1.1.0.84

References

kb.netgear.com/000064532/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2021-0154

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

57.3%

JSON

Related for CVE-2021-45501

prion1 cvelist1 nvd1