Details of VAR-202103-1286

ID

VAR-202103-1286

CVE

CVE-2021-29067

TITLE

plural NETGEAR Product authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-004913

DESCRIPTION

Certain NETGEAR devices are affected by authentication bypass. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. plural NETGEAR The product contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This affects RBW30 prior to 2.6.2.2, RBS40V prior to 2.6.2.4, RBK852 prior to 3.2.17.12, RBK853 prior to 3.2.17.12, RBK854 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, RBS850 prior to 3.2.17.12, RBK752 prior to 3.2.17.12, RBK753 prior to 3.2.17.12, RBK753S prior to 3.2.17.12, RBK754 prior to 3.2.17.12, RBR750 prior to 3.2.17.12, and RBS750 prior to 3.2.17.12

Trust: 1.71

sources: NVD: CVE-2021-29067 // JVNDB: JVNDB-2021-004913 // VULMON: CVE-2021-29067

AFFECTED PRODUCTS

vendor:	netgear	model:	rbr750	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rbk752	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rbs850	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rbr850	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rbk852	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rbk753	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rbs750	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rbk754	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rbw30	scope:	lt	version:	2.6.2.2	Trust: 1.0
vendor:	netgear	model:	rbk853	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rbk753s	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rbs40v	scope:	lt	version:	2.6.2.4	Trust: 1.0
vendor:	netgear	model:	rbk854	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	ネットギア	model:	rbk854	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk753s	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbw30	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk852	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs850	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs40v	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk752	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk753	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr850	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk853	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-004913 // NVD: CVE-2021-29067

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-29067
value:	CRITICAL
Trust: 1.0
cve@mitre.org:	CVE-2021-29067
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-29067
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202103-1361
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-29067
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-29067
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-29067
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-004913
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-29067 // JVNDB: JVNDB-2021-004913 // CNNVD: CNNVD-202103-1361 // NVD: CVE-2021-29067 // NVD: CVE-2021-29067

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Improper authentication (CWE-287) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-004913 // NVD: CVE-2021-29067

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1361

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202103-1361

PATCH

title:	Security Advisory for Authentication Bypass on Some WiFi Systems, PSV-2020-0492	url:	https://kb.netgear.com/000063017/Security-Advisory-for-Authentication-Bypass-on-Some-WiFi-Systems-PSV-2020-0492	Trust: 0.8
title:	Netgear NETGEAR Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145682	Trust: 0.6

sources: JVNDB: JVNDB-2021-004913 // CNNVD: CNNVD-202103-1361

EXTERNAL IDS

db:	NVD	id:	CVE-2021-29067	Trust: 2.5
db:	JVNDB	id:	JVNDB-2021-004913	Trust: 0.8
db:	CNNVD	id:	CNNVD-202103-1361	Trust: 0.6
db:	VULMON	id:	CVE-2021-29067	Trust: 0.1

sources: VULMON: CVE-2021-29067 // JVNDB: JVNDB-2021-004913 // CNNVD: CNNVD-202103-1361 // NVD: CVE-2021-29067

REFERENCES

url:	https://kb.netgear.com/000063017/security-advisory-for-authentication-bypass-on-some-wifi-systems-psv-2020-0492	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-29067	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-29067 // JVNDB: JVNDB-2021-004913 // CNNVD: CNNVD-202103-1361 // NVD: CVE-2021-29067

SOURCES

db:	VULMON	id:	CVE-2021-29067
db:	JVNDB	id:	JVNDB-2021-004913
db:	CNNVD	id:	CNNVD-202103-1361
db:	NVD	id:	CVE-2021-29067

LAST UPDATE DATE

2024-11-23T21:58:42.571000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-29067	date:	2021-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-004913	date:	2021-12-02T07:19:00
db:	CNNVD	id:	CNNVD-202103-1361	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-29067	date:	2024-11-21T06:00:38.160

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-29067	date:	2021-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-004913	date:	2021-12-02T00:00:00
db:	CNNVD	id:	CNNVD-202103-1361	date:	2021-03-23T00:00:00
db:	NVD	id:	CVE-2021-29067	date:	2021-03-23T07:15:13.233