Lucene search

[email protected]CVE-2021-45647

HistoryDec 26, 2021 - 1:15 a.m.

CVE-2021-45647

2021-12-2601:15:19

CWE-200

[email protected]

web.nvd.nist.gov

cve-2021-45647

netgear

information disclosure

eax80

ex7000

r6120

r6220

r6230

r6260

r6850

r6350

r6330

r6800

r6900v2

r6700v2

r7000

r6900p

r7000p

r7200

r7350

r7400

r7450

ac2100

ac2400

ac2600

r7900

r7960p

r8000

r7900p

r8000p

rax15

rax20

rax200

rax45

rax50

rax75

rax80

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

51.4%

JSON

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EAX80 before 1.0.1.62, EX7000 before 1.0.1.104, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.68, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.

Affected configurations

NVD

Node

netgeareax80_firmwareRange<1.0.1.62

AND

netgeareax80Match-

Node

netgearex7000_firmwareRange<1.0.1.104

AND

netgearex7000Match-

Node

netgearr6120_firmwareRange<1.0.0.76

AND

netgearr6120Match-

Node

netgearr6220_firmwareMatch1.1.0.110

AND

netgearr6220Match-

Node

netgearr6230_firmwareRange<1.1.0.110

AND

netgearr6230Match-

Node

netgearr6260_firmwareRange<1.1.0.78

AND

netgearr6260Match-

Node

netgearr6850_firmwareRange<1.1.0.78

AND

netgearr6850Match-

Node

netgearr6350_firmwareRange<1.1.0.78

AND

netgearr6350Match-

Node

netgearr6330_firmwareRange<1.1.0.78

AND

netgearr6330Match-

Node

netgearr6800_firmwareRange<1.2.0.76

AND

netgearr6800Match-

Node

netgearr6900v2_firmwareRange<1.2.0.76

AND

netgearr6900v2Match-

Node

netgearr6700v2_firmwareRange<1.2.0.76

AND

netgearr6700v2Match-

Node

netgearr7000_firmwareRange<1.0.11.116

AND

netgearr7000Match-

Node

netgearr7000p_firmwareRange<1.3.3.140

AND

netgearr7000pMatch-

Node

netgearr6900p_firmwareRange<1.3.3.140

AND

netgearr6900pMatch-

Node

netgearr7200_firmwareRange<1.2.0.76

AND

netgearr7200Match-

Node

netgearr7350_firmwareRange<1.2.0.76

AND

netgearr7350Match-

Node

netgearr7400_firmwareRange<1.2.0.76

AND

netgearr7400Match-

Node

netgearr7450_firmwareRange<1.2.0.76

AND

netgearr7450Match-

Node

netgearac2100_firmwareRange<1.2.0.76

AND

netgearac2100Match-

Node

netgearac2400_firmwareRange<1.2.0.76

AND

netgearac2400Match-

Node

netgearac2600_firmwareRange<1.2.0.76

AND

netgearac2600Match-

Node

netgearr7900_firmwareRange<1.0.4.38

AND

netgearr7900Match-

Node

netgearr7900p_firmwareRange<1.4.1.66

AND

netgearr7900pMatch-

Node

netgearr7960p_firmwareRange<1.4.1.66

AND

netgearr7960pMatch-

Node

netgearr8000_firmwareRange<1.0.4.68

AND

netgearr8000Match-

Node

netgearr8000p_firmwareRange<1.4.1.66

AND

netgearr8000pMatch-

Node

netgearrax15_firmwareRange<1.0.2.82

AND

netgearrax15Match-

Node

netgearrax20_firmwareRange<1.0.2.82

AND

netgearrax20Match-

Node

netgearrax200_firmwareRange<1.0.3.106

AND

netgearrax200Match-

Node

netgearrax45_firmwareRange<1.0.2.72

AND

netgearrax45Match-

Node

netgearrax50_firmwareRange<1.0.2.72

AND

netgearrax50Match-

Node

netgearrax75_firmwareRange<1.0.3.106

AND

netgearrax75Match-

Node

netgearrax80_firmwareRange<1.0.3.106

AND

netgearrax80Match-

CPENameOperatorVersion
netgear:eax80_firmwarenetgear eax80 firmwarelt1.0.1.62

CPE	Name	Operator	Version
netgear:eax80_firmware	netgear eax80 firmware	lt	1.0.1.62

References

kb.netgear.com/000064118/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Extenders-PSV-2020-0184

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

51.4%

JSON

Related for CVE-2021-45647

prion1 nvd1 cvelist1