Details of VAR-202108-1619

ID

VAR-202108-1619

CVE

CVE-2021-38513

TITLE

plural NETGEAR Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-010413

DESCRIPTION

Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RBK752 before 3.2.10.10, RBR750 before 3.2.10.10, and RBS750 before 3.2.10.10. plural NETGEAR There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Netgear RBR750 is a home WiFi system from Netgear. Several NETGEAR devices have an access control error vulnerability that stems from the product not properly restricting access from unauthorized roles. No detailed vulnerability details are currently provided. This affects RBK852 prior to 3.2.10.11, RBR850 prior to 3.2.10.11, RBS850 prior to 3.2.10.11, CBR40 prior to 2.5.0.10, EAX20 prior to 1.0.0.48, MK62 prior to 1.0.6.110, MR60 prior to 1.0.6.110, MS60 prior to 1.0.6.110, RBK752 prior to 3.2.10.10, RBR750 prior to 3.2.10.10, and RBS750 prior to 3.2.10.10

Trust: 2.25

sources: NVD: CVE-2021-38513 // JVNDB: JVNDB-2021-010413 // CNVD: CNVD-2022-06698 // VULMON: CVE-2021-38513

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-06698

AFFECTED PRODUCTS

vendor:	netgear	model:	cbr40	scope:	lt	version:	2.5.0.10	Trust: 1.6
vendor:	netgear	model:	rbk852	scope:	lt	version:	3.2.10.11	Trust: 1.6
vendor:	netgear	model:	rbr850	scope:	lt	version:	3.2.10.11	Trust: 1.6
vendor:	netgear	model:	rbs850	scope:	lt	version:	3.2.10.11	Trust: 1.6
vendor:	netgear	model:	mk62	scope:	lt	version:	1.0.6.110	Trust: 1.6
vendor:	netgear	model:	mr60	scope:	lt	version:	1.0.6.110	Trust: 1.6
vendor:	netgear	model:	ms60	scope:	lt	version:	1.0.6.110	Trust: 1.6
vendor:	netgear	model:	eax20	scope:	lt	version:	1.0.0.48	Trust: 1.6
vendor:	netgear	model:	rbk752	scope:	lt	version:	3.2.10.10	Trust: 1.6
vendor:	netgear	model:	rbr750	scope:	lt	version:	3.2.10.10	Trust: 1.6
vendor:	netgear	model:	rbs750	scope:	lt	version:	3.2.10.10	Trust: 1.6
vendor:	ネットギア	model:	rbk852	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr750	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ms60	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk752	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	eax20	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr850	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	cbr40	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs850	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	mk62	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	mr60	scope:	-	version:	-	Trust: 0.8

sources: CNVD: CNVD-2022-06698 // JVNDB: JVNDB-2021-010413 // NVD: CVE-2021-38513

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-38513
value:	CRITICAL
Trust: 1.0
cve@mitre.org:	CVE-2021-38513
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-38513
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2022-06698
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202108-963
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-38513
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-38513
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-06698
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-38513
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-38513
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-38513
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-06698 // VULMON: CVE-2021-38513 // JVNDB: JVNDB-2021-010413 // CNNVD: CNNVD-202108-963 // NVD: CVE-2021-38513 // NVD: CVE-2021-38513

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-010413 // NVD: CVE-2021-38513

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-963

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202108-963

PATCH

title:	Security Advisory for Authentication Bypass on Some Extenders and WiFi Systems, PSV-2020-0008	url:	https://kb.netgear.com/000063777/Security-Advisory-for-Authentication-Bypass-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0008	Trust: 0.8
title:	Patch for Netgear RBR750 Access Control Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/316041	Trust: 0.6
title:	Netgear RBR750 Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159357	Trust: 0.6

sources: CNVD: CNVD-2022-06698 // JVNDB: JVNDB-2021-010413 // CNNVD: CNNVD-202108-963

EXTERNAL IDS

db:	NVD	id:	CVE-2021-38513	Trust: 3.9
db:	JVNDB	id:	JVNDB-2021-010413	Trust: 0.8
db:	CNVD	id:	CNVD-2022-06698	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-963	Trust: 0.6
db:	VULMON	id:	CVE-2021-38513	Trust: 0.1

sources: CNVD: CNVD-2022-06698 // VULMON: CVE-2021-38513 // JVNDB: JVNDB-2021-010413 // CNNVD: CNNVD-202108-963 // NVD: CVE-2021-38513

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-38513	Trust: 2.0
url:	https://kb.netgear.com/000063777/security-advisory-for-authentication-bypass-on-some-extenders-and-wifi-systems-psv-2020-0008	Trust: 1.7
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-06698 // VULMON: CVE-2021-38513 // JVNDB: JVNDB-2021-010413 // CNNVD: CNNVD-202108-963 // NVD: CVE-2021-38513

SOURCES

db:	CNVD	id:	CNVD-2022-06698
db:	VULMON	id:	CVE-2021-38513
db:	JVNDB	id:	JVNDB-2021-010413
db:	CNNVD	id:	CNNVD-202108-963
db:	NVD	id:	CVE-2021-38513

LAST UPDATE DATE

2024-08-14T14:44:21.556000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-06698	date:	2022-01-25T00:00:00
db:	VULMON	id:	CVE-2021-38513	date:	2021-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2021-010413	date:	2022-07-01T01:56:00
db:	CNNVD	id:	CNNVD-202108-963	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-38513	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-06698	date:	2022-01-25T00:00:00
db:	VULMON	id:	CVE-2021-38513	date:	2021-08-11T00:00:00
db:	JVNDB	id:	JVNDB-2021-010413	date:	2022-07-01T00:00:00
db:	CNNVD	id:	CNNVD-202108-963	date:	2021-08-10T00:00:00
db:	NVD	id:	CVE-2021-38513	date:	2021-08-11T00:15:10.787