Sign-up

ID

VAR-202103-1284


CVE

CVE-2021-29065


TITLE

NETGEAR RBR850  Authentication vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2021-004915

DESCRIPTION

NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication bypass. NETGEAR RBR850 There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2021-29065 // JVNDB: JVNDB-2021-004915 // VULMON: CVE-2021-29065

AFFECTED PRODUCTS

vendor:netgearmodel:rbr850scope:ltversion:3.2.10.11

Trust: 1.0

vendor:ネットギアmodel:rbr850scope:eqversion:rbr850 firmware 3.2.10.11

Trust: 0.8

vendor:ネットギアmodel:rbr850scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-004915 // NVD: CVE-2021-29065

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-29065
value: CRITICAL

Trust: 1.8

CNNVD: CNNVD-202103-1363
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-29065
value: HIGH

Trust: 0.1

VULMON: CVE-2021-29065
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

NVD: CVE-2021-29065
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT_NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 6.0
version: 3.1

Trust: 1.0

OTHER: JVNDB-2021-004915
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-29065 // JVNDB: JVNDB-2021-004915 // CNNVD: CNNVD-202103-1363 // NVD: CVE-2021-29065

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:Improper authentication (CWE-287) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-004915 // NVD: CVE-2021-29065

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1363

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202103-1363

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-29065

PATCH
title:Security Advisory for Authentication Bypass on RBR850, PSV-2020-0029url:https://kb.netgear.com/000063006/security-advisory-for-authentication-bypass-on-rbr850-psv-2020-0029
Trust: 0.8
title:Netgear NETGEAR RBR850 Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=145684
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2021-004915 // 
            
            
            
            CNNVD: CNNVD-202103-1363

EXTERNAL IDS
db:NVDid:CVE-2021-29065
Trust: 2.5
db:JVNDBid:JVNDB-2021-004915
Trust: 0.8
db:CNNVDid:CNNVD-202103-1363
Trust: 0.6
db:VULMONid:CVE-2021-29065
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-29065 // 
            
            
            
            JVNDB: JVNDB-2021-004915 // 
            
            
            
            CNNVD: CNNVD-202103-1363 // 
            
            
            
            NVD: CVE-2021-29065

REFERENCES
url:https://kb.netgear.com/000063006/security-advisory-for-authentication-bypass-on-rbr850-psv-2020-0029
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2021-29065
Trust: 1.4
url:https://cwe.mitre.org/data/definitions/287.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-29065 // 
            
            
            
            JVNDB: JVNDB-2021-004915 // 
            
            
            
            CNNVD: CNNVD-202103-1363 // 
            
            
            
            NVD: CVE-2021-29065

SOURCES
db:VULMONid:CVE-2021-29065
db:JVNDBid:JVNDB-2021-004915
db:CNNVDid:CNNVD-202103-1363
db:NVDid:CVE-2021-29065

LAST UPDATE DATE
2022-05-04T09:32:29.510000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2021-29065date:2021-03-26T00:00:00
db:JVNDBid:JVNDB-2021-004915date:2021-12-02T07:59:00
db:CNNVDid:CNNVD-202103-1363date:2021-03-30T00:00:00
db:NVDid:CVE-2021-29065date:2021-03-26T14:23:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2021-29065date:2021-03-23T00:00:00
db:JVNDBid:JVNDB-2021-004915date:2021-12-02T00:00:00
db:CNNVDid:CNNVD-202103-1363date:2021-03-23T00:00:00
db:NVDid:CVE-2021-29065date:2021-03-23T07:15:00