Sign-up

ID

VAR-202103-1285


CVE

CVE-2021-29066


TITLE

plural  NETGEAR  Product authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-004914

DESCRIPTION

Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. plural NETGEAR The product contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This affects RBK852 prior to 3.2.17.12, RBK853 prior to 3.2.17.12, RBK854 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, and RBS850 prior to 3.2.17.12

Trust: 1.71

sources: NVD: CVE-2021-29066 // JVNDB: JVNDB-2021-004914 // VULMON: CVE-2021-29066

AFFECTED PRODUCTS

vendor:netgearmodel:rbk853scope:ltversion:3.2.17.12

Trust: 1.0

vendor:netgearmodel:rbr850scope:ltversion:3.2.17.12

Trust: 1.0

vendor:netgearmodel:rbs850scope:ltversion:3.2.17.12

Trust: 1.0

vendor:netgearmodel:rbk852scope:ltversion:3.2.17.12

Trust: 1.0

vendor:netgearmodel:rbk854scope:ltversion:3.2.17.12

Trust: 1.0

vendor:ネットギアmodel:rbk854scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbk852scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbs850scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbr850scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbk853scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-004914 // NVD: CVE-2021-29066

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-29066
value: CRITICAL

Trust: 1.0

cve@mitre.org: CVE-2021-29066
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-29066
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202103-1362
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-29066
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-29066
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2021-29066
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 6.0
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-004914
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-29066 // JVNDB: JVNDB-2021-004914 // CNNVD: CNNVD-202103-1362 // NVD: CVE-2021-29066 // NVD: CVE-2021-29066

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Improper authentication (CWE-287) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-004914 // NVD: CVE-2021-29066

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1362

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202103-1362

PATCH

title:Security Advisory for Authentication Bypass on Some WiFi Systems, PSV-2020-0484url:https://kb.netgear.com/000063014/Security-Advisory-for-Authentication-Bypass-on-Some-WiFi-Systems-PSV-2020-0484

Trust: 0.8

title:Netgear NETGEAR Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145683

Trust: 0.6

sources: JVNDB: JVNDB-2021-004914 // CNNVD: CNNVD-202103-1362

EXTERNAL IDS

db:NVDid:CVE-2021-29066

Trust: 2.5

db:JVNDBid:JVNDB-2021-004914

Trust: 0.8

db:CNNVDid:CNNVD-202103-1362

Trust: 0.6

db:VULMONid:CVE-2021-29066

Trust: 0.1

sources: VULMON: CVE-2021-29066 // JVNDB: JVNDB-2021-004914 // CNNVD: CNNVD-202103-1362 // NVD: CVE-2021-29066

REFERENCES

url:https://kb.netgear.com/000063014/security-advisory-for-authentication-bypass-on-some-wifi-systems-psv-2020-0484

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-29066

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-29066 // JVNDB: JVNDB-2021-004914 // CNNVD: CNNVD-202103-1362 // NVD: CVE-2021-29066

SOURCES

db:VULMONid:CVE-2021-29066
db:JVNDBid:JVNDB-2021-004914
db:CNNVDid:CNNVD-202103-1362
db:NVDid:CVE-2021-29066

LAST UPDATE DATE

2024-11-23T22:51:05.661000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-29066date:2021-03-26T00:00:00
db:JVNDBid:JVNDB-2021-004914date:2021-12-02T07:31:00
db:CNNVDid:CNNVD-202103-1362date:2022-07-14T00:00:00
db:NVDid:CVE-2021-29066date:2024-11-21T06:00:37.963

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-29066date:2021-03-23T00:00:00
db:JVNDBid:JVNDB-2021-004914date:2021-12-02T00:00:00
db:CNNVDid:CNNVD-202103-1362date:2021-03-23T00:00:00
db:NVDid:CVE-2021-29066date:2021-03-23T07:15:13.157