Details of VAR-202108-1658

ID

VAR-202108-1658

CVE

CVE-2021-38531

TITLE

plural NETGEAR Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-010447

DESCRIPTION

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, and AC2400 before 1.2.0.76. plural NETGEAR There is an unspecified vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D6200 prior to 1.1.00.40, D7000 prior to 1.0.1.78, R6020 prior to 1.0.0.42, R6080 prior to 1.0.0.42, R6120 prior to 1.0.0.66, R6260 prior to 1.1.0.78, R6700v2 prior to 1.2.0.76, R6800 prior to 1.2.0.76, R6900v2 prior to 1.2.0.76, R7450 prior to 1.2.0.76, AC2100 prior to 1.2.0.76, and AC2400 prior to 1.2.0.76

Trust: 1.71

sources: NVD: CVE-2021-38531 // JVNDB: JVNDB-2021-010447 // VULMON: CVE-2021-38531

AFFECTED PRODUCTS

vendor:	netgear	model:	r6120	scope:	lt	version:	1.0.0.66	Trust: 1.0
vendor:	netgear	model:	ac2100	scope:	lt	version:	1.2.0.76	Trust: 1.0
vendor:	netgear	model:	r6260	scope:	lt	version:	1.1.0.78	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	lt	version:	1.2.0.76	Trust: 1.0
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.1.78	Trust: 1.0
vendor:	netgear	model:	r6080	scope:	lt	version:	1.0.0.42	Trust: 1.0
vendor:	netgear	model:	d6200	scope:	lt	version:	1.1.00.40	Trust: 1.0
vendor:	netgear	model:	r7450	scope:	lt	version:	1.2.0.76	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.2.0.76	Trust: 1.0
vendor:	netgear	model:	ac2400	scope:	lt	version:	1.2.0.76	Trust: 1.0
vendor:	netgear	model:	r6020	scope:	lt	version:	1.0.0.42	Trust: 1.0
vendor:	netgear	model:	r6800	scope:	lt	version:	1.2.0.76	Trust: 1.0
vendor:	ネットギア	model:	r7450	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6020	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6700	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6080	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6120	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6900	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6260	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d6200	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-010447 // NVD: CVE-2021-38531

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-38531
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2021-38531
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-38531
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202108-949
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-38531
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-38531
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-38531
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-38531
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	0.5
impactScore:	4.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-38531
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-38531 // JVNDB: JVNDB-2021-010447 // CNNVD: CNNVD-202108-949 // NVD: CVE-2021-38531 // NVD: CVE-2021-38531

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-010447 // NVD: CVE-2021-38531

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-949

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-949

PATCH

title:	Security Advisory for Security Misconfiguration on Some Routers and Gateways, PSV-2019-0113	url:	https://kb.netgear.com/000063769/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2019-0113	Trust: 0.8
title:	Netgear NETGEAR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159343	Trust: 0.6

sources: JVNDB: JVNDB-2021-010447 // CNNVD: CNNVD-202108-949

EXTERNAL IDS

db:	NVD	id:	CVE-2021-38531	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-010447	Trust: 0.8
db:	CNNVD	id:	CNNVD-202108-949	Trust: 0.6
db:	VULMON	id:	CVE-2021-38531	Trust: 0.1

sources: VULMON: CVE-2021-38531 // JVNDB: JVNDB-2021-010447 // CNNVD: CNNVD-202108-949 // NVD: CVE-2021-38531

REFERENCES

url:	https://kb.netgear.com/000063769/security-advisory-for-security-misconfiguration-on-some-routers-and-gateways-psv-2019-0113	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-38531	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-38531 // JVNDB: JVNDB-2021-010447 // CNNVD: CNNVD-202108-949 // NVD: CVE-2021-38531

SOURCES

db:	VULMON	id:	CVE-2021-38531
db:	JVNDB	id:	JVNDB-2021-010447
db:	CNNVD	id:	CNNVD-202108-949
db:	NVD	id:	CVE-2021-38531

LAST UPDATE DATE

2024-08-14T14:37:53.931000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-38531	date:	2021-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2021-010447	date:	2022-07-01T06:12:00
db:	CNNVD	id:	CNNVD-202108-949	date:	2021-08-26T00:00:00
db:	NVD	id:	CVE-2021-38531	date:	2021-08-19T14:20:47.163

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-38531	date:	2021-08-11T00:00:00
db:	JVNDB	id:	JVNDB-2021-010447	date:	2022-07-01T00:00:00
db:	CNNVD	id:	CNNVD-202108-949	date:	2021-08-10T00:00:00
db:	NVD	id:	CVE-2021-38531	date:	2021-08-11T00:17:07.800