Lucene search

[email protected]CVE-2021-45529

HistoryDec 26, 2021 - 1:15 a.m.

CVE-2021-45529

2021-12-2601:15:14

CWE-120

[email protected]

web.nvd.nist.gov

netgear

buffer overflow

cve-2021-45529

cbr40

d7000v2

d8500

r6400

r7000

r6900p

r7000p

r7900

r8000

wnr3500lv2

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.6%

JSON

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects CBR40 before 2.3.5.12, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R6400 before 1.0.1.70, R7000 before 1.0.11.126, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.30, R8000 before 1.0.4.52, and WNR3500Lv2 before 1.2.0.62.

Affected configurations

NVD

Node

netgearcbr40_firmwareRange<2.3.5.12

AND

netgearcbr40Match-

Node

netgeard7000v2_firmwareRange<1.0.0.66

AND

netgeard7000v2Match-

Node

netgeard8500_firmwareRange<1.0.3.58

AND

netgeard8500Match-

Node

netgearr6400_firmwareRange<1.0.1.70

AND

netgearr6400Match-

Node

netgearr7000_firmwareRange<1.0.11.126

AND

netgearr7000Match-

Node

netgearr7000p_firmwareRange<1.3.2.124

AND

netgearr7000pMatch-

Node

netgearr6900p_firmwareRange<1.3.2.124

AND

netgearr6900pMatch-

Node

netgearr7900_firmwareRange<1.0.4.30

AND

netgearr7900Match-

Node

netgearr8000_firmwareRange<1.0.4.52

AND

netgearr8000Match-

Node

netgearwnr3500lv2_firmwareRange<1.2.0.62

AND

netgearwnr3500lv2Match-

CPENameOperatorVersion
netgear:cbr40_firmwarenetgear cbr40 firmwarelt2.3.5.12

CPE	Name	Operator	Version
netgear:cbr40_firmware	netgear cbr40 firmware	lt	2.3.5.12

References

kb.netgear.com/000064058/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2019-0077

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.6%

JSON

Related for CVE-2021-45529

prion1 cvelist1 nvd1