Lucene search

[email protected]CVE-2021-45650

HistoryDec 26, 2021 - 1:15 a.m.

CVE-2021-45650

2021-12-2601:15:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2021-45650

netgear

sensitive information disclosure

r7000

r7900

r8000

rs400

r6400v2

r7000p

r6700v3

r6900p

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

51.1%

JSON

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RS400 before 1.5.1.80, R6400v2 before 1.0.4.102, R7000P before 1.3.2.126, R6700v3 before 1.0.4.102, and R6900P before 1.3.2.126.

CPENameOperatorVersion
netgear:r7000_firmwarenetgear r7000 firmwarelt1.0.11.110
netgear:r7900_firmwarenetgear r7900 firmwarelt1.0.4.30
netgear:r8000_firmwarenetgear r8000 firmwarelt1.0.4.62
netgear:rs400_firmwarenetgear rs400 firmwarelt1.5.1.80
netgear:r6400v2_firmwarenetgear r6400v2 firmwarelt1.0.4.102
netgear:r7000p_firmwarenetgear r7000p firmwarelt1.3.2.126
netgear:r6700v3_firmwarenetgear r6700v3 firmwarelt1.0.4.102
netgear:r6900p_firmwarenetgear r6900p firmwarelt1.3.2.126

CPE	Name	Operator	Version
netgear:r7000_firmware	netgear r7000 firmware	lt	1.0.11.110
netgear:r7900_firmware	netgear r7900 firmware	lt	1.0.4.30
netgear:r8000_firmware	netgear r8000 firmware	lt	1.0.4.62
netgear:rs400_firmware	netgear rs400 firmware	lt	1.5.1.80
netgear:r6400v2_firmware	netgear r6400v2 firmware	lt	1.0.4.102
netgear:r7000p_firmware	netgear r7000p firmware	lt	1.3.2.126
netgear:r6700v3_firmware	netgear r6700v3 firmware	lt	1.0.4.102
netgear:r6900p_firmware	netgear r6900p firmware	lt	1.3.2.126

References

kb.netgear.com/000064459/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-PSV-2020-0117

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

51.1%

JSON

Related for CVE-2021-45650

prion1 cvelist1