Details of VAR-202108-1584

ID

VAR-202108-1584

CVE

CVE-2021-38539

TITLE

plural NETGEAR Privilege management vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-010443

DESCRIPTION

Certain NETGEAR devices are affected by privilege escalation. This affects D8500 before 1.0.3.44, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.4, R6900P before 1.3.2.126, R7000 before 1.0.9.42, R7000P before 1.3.2.126, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.10, R8300 before 1.0.2.130, and R8500 before 1.0.2.130. plural NETGEAR A vulnerability exists in the device regarding permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D8500 prior to 1.0.3.44, R6400v2 prior to 1.0.2.66, R6700 prior to 1.0.2.6, R6700v3 prior to 1.0.2.66, R6900 prior to 1.0.2.4, R6900P prior to 1.3.2.126, R7000 prior to 1.0.9.42, R7000P prior to 1.3.2.126, R7100LG prior to 1.0.0.50, R7300DST prior to 1.0.0.70, R7900 prior to 1.0.3.10, R8300 prior to 1.0.2.130, and R8500 prior to 1.0.2.130

Trust: 1.71

sources: NVD: CVE-2021-38539 // JVNDB: JVNDB-2021-010443 // VULMON: CVE-2021-38539

AFFECTED PRODUCTS

vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.9.42	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.0.2.66	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	lt	version:	1.0.2.4	Trust: 1.0
vendor:	netgear	model:	d8500	scope:	lt	version:	1.0.3.44	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.2.66	Trust: 1.0
vendor:	netgear	model:	r7100lg	scope:	lt	version:	1.0.0.50	Trust: 1.0
vendor:	netgear	model:	r7300dst	scope:	lt	version:	1.0.0.70	Trust: 1.0
vendor:	netgear	model:	r7900	scope:	lt	version:	1.0.3.10	Trust: 1.0
vendor:	netgear	model:	r8300	scope:	lt	version:	1.0.2.130	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.0.2.6	Trust: 1.0
vendor:	netgear	model:	r6900p	scope:	lt	version:	1.3.2.126	Trust: 1.0
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.130	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.3.2.126	Trust: 1.0
vendor:	ネットギア	model:	r7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7300dst	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6700	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7900	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6400	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d8500	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6900p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6900	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7100lg	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-010443 // NVD: CVE-2021-38539

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-38539
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2021-38539
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-38539
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202108-1061
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-38539
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-38539
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-38539
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-38539
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.1
impactScore:	4.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-38539
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-38539 // JVNDB: JVNDB-2021-010443 // CNNVD: CNNVD-202108-1061 // NVD: CVE-2021-38539 // NVD: CVE-2021-38539

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Improper authority management (CWE-269) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-010443 // NVD: CVE-2021-38539

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-1061

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-1061

PATCH

title:	Security Advisory for Vertical Privilege Escalation on Some Routers and Gateways, PSV-2018-0385	url:	https://kb.netgear.com/000063760/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Routers-and-Gateways-PSV-2018-0385	Trust: 0.8
title:	Netgear NETGEAR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159434	Trust: 0.6

sources: JVNDB: JVNDB-2021-010443 // CNNVD: CNNVD-202108-1061

EXTERNAL IDS

db:	NVD	id:	CVE-2021-38539	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-010443	Trust: 0.8
db:	CNNVD	id:	CNNVD-202108-1061	Trust: 0.6
db:	VULMON	id:	CVE-2021-38539	Trust: 0.1

sources: VULMON: CVE-2021-38539 // JVNDB: JVNDB-2021-010443 // CNNVD: CNNVD-202108-1061 // NVD: CVE-2021-38539

REFERENCES

url:	https://kb.netgear.com/000063760/security-advisory-for-vertical-privilege-escalation-on-some-routers-and-gateways-psv-2018-0385	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-38539	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/269.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-38539 // JVNDB: JVNDB-2021-010443 // CNNVD: CNNVD-202108-1061 // NVD: CVE-2021-38539

SOURCES

db:	VULMON	id:	CVE-2021-38539
db:	JVNDB	id:	JVNDB-2021-010443
db:	CNNVD	id:	CNNVD-202108-1061
db:	NVD	id:	CVE-2021-38539

LAST UPDATE DATE

2024-08-14T13:53:56.291000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-38539	date:	2021-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2021-010443	date:	2022-07-01T06:11:00
db:	CNNVD	id:	CNNVD-202108-1061	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-38539	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-38539	date:	2021-08-11T00:00:00
db:	JVNDB	id:	JVNDB-2021-010443	date:	2022-07-01T00:00:00
db:	CNNVD	id:	CNNVD-202108-1061	date:	2021-08-10T00:00:00
db:	NVD	id:	CVE-2021-38539	date:	2021-08-11T00:17:58.310