Details of VAR-202103-1267

ID

VAR-202103-1267

CVE

CVE-2021-29082

TITLE

plural NETGEAR Information leakage vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-004587

DESCRIPTION

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBW30 before 2.6.1.4, RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBK754 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK854 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. plural NETGEAR The device contains a vulnerability related to information leakage.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This affects RBW30 prior to 2.6.1.4, RBS40V prior to 2.6.1.4, RBK752 prior to 3.2.15.25, RBK753 prior to 3.2.15.25, RBK753S prior to 3.2.15.25, RBK754 prior to 3.2.15.25, RBR750 prior to 3.2.15.25, RBS750 prior to 3.2.15.25, RBK852 prior to 3.2.15.25, RBK853 prior to 3.2.15.25, RBK854 prior to 3.2.15.25, RBR850 prior to 3.2.15.25, and RBS850 prior to 3.2.15.25

Trust: 1.71

sources: NVD: CVE-2021-29082 // JVNDB: JVNDB-2021-004587 // VULMON: CVE-2021-29082

AFFECTED PRODUCTS

vendor:	netgear	model:	rbr750	scope:	lt	version:	3.2.15.25	Trust: 1.0
vendor:	netgear	model:	rbs850	scope:	lt	version:	3.2.15.25	Trust: 1.0
vendor:	netgear	model:	rbr850	scope:	lt	version:	3.2.15.25	Trust: 1.0
vendor:	netgear	model:	rbk752	scope:	lt	version:	3.2.15.25	Trust: 1.0
vendor:	netgear	model:	rbs750	scope:	lt	version:	3.2.15.25	Trust: 1.0
vendor:	netgear	model:	rbw30	scope:	lt	version:	2.6.1.4	Trust: 1.0
vendor:	netgear	model:	rbs40v	scope:	lt	version:	2.6.1.4	Trust: 1.0
vendor:	netgear	model:	rbk852	scope:	lt	version:	3.2.15.25	Trust: 1.0
vendor:	netgear	model:	rbk753	scope:	lt	version:	3.2.15.25	Trust: 1.0
vendor:	netgear	model:	rbk853	scope:	lt	version:	3.2.15.25	Trust: 1.0
vendor:	netgear	model:	rbk754	scope:	lt	version:	3.2.15.25	Trust: 1.0
vendor:	netgear	model:	rbk753s	scope:	lt	version:	3.2.15.25	Trust: 1.0
vendor:	netgear	model:	rbk854	scope:	lt	version:	3.2.15.25	Trust: 1.0
vendor:	ネットギア	model:	rbk852	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk753s	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk853	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbw30	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk752	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk753	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr750	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs750	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs40v	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk754	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-004587 // NVD: CVE-2021-29082

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-29082
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2021-29082
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-29082
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202103-1341
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-29082
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-29082
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-29082
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	5.3
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-29082
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-29082
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-29082 // JVNDB: JVNDB-2021-004587 // CNNVD: CNNVD-202103-1341 // NVD: CVE-2021-29082 // NVD: CVE-2021-29082

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-004587 // NVD: CVE-2021-29082

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1341

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202103-1341

PATCH

title:	Security Advisory for Sensitive Information Disclosure on Some WiFi Systems, PSV-2020-0037	url:	https://kb.netgear.com/000063005/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-WiFi-Systems-PSV-2020-0037	Trust: 0.8
title:	NETGEAR Repair measures for information disclosure vulnerabilities of various products	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145157	Trust: 0.6

sources: JVNDB: JVNDB-2021-004587 // CNNVD: CNNVD-202103-1341

EXTERNAL IDS

db:	NVD	id:	CVE-2021-29082	Trust: 2.5
db:	JVNDB	id:	JVNDB-2021-004587	Trust: 0.8
db:	CNNVD	id:	CNNVD-202103-1341	Trust: 0.6
db:	VULMON	id:	CVE-2021-29082	Trust: 0.1

sources: VULMON: CVE-2021-29082 // JVNDB: JVNDB-2021-004587 // CNNVD: CNNVD-202103-1341 // NVD: CVE-2021-29082

REFERENCES

url:	https://kb.netgear.com/000063005/security-advisory-for-sensitive-information-disclosure-on-some-wifi-systems-psv-2020-0037	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-29082	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-29082 // JVNDB: JVNDB-2021-004587 // CNNVD: CNNVD-202103-1341 // NVD: CVE-2021-29082

SOURCES

db:	VULMON	id:	CVE-2021-29082
db:	JVNDB	id:	JVNDB-2021-004587
db:	CNNVD	id:	CNNVD-202103-1341
db:	NVD	id:	CVE-2021-29082

LAST UPDATE DATE

2024-11-23T22:40:42.092000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-29082	date:	2021-03-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-004587	date:	2021-11-25T03:10:00
db:	CNNVD	id:	CNNVD-202103-1341	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2021-29082	date:	2024-11-21T06:00:40.660

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-29082	date:	2021-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-004587	date:	2021-11-25T00:00:00
db:	CNNVD	id:	CNNVD-202103-1341	date:	2021-03-23T00:00:00
db:	NVD	id:	CVE-2021-29082	date:	2021-03-23T07:15:14.390