Details of VAR-202112-2041

ID

VAR-202112-2041

CVE

CVE-2021-23147

TITLE

Netgear Nighthawk R6700 Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-017370

DESCRIPTION

Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient protections for the UART console. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection and execute commands as the root user without authentication. Netgear Nighthawk R6700 There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 2.25

sources: NVD: CVE-2021-23147 // JVNDB: JVNDB-2021-017370 // CNVD: CNVD-2022-02651 // VULMON: CVE-2021-23147

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-02651

AFFECTED PRODUCTS

vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.4.120	Trust: 1.0
vendor:	ネットギア	model:	r6700	scope:	eq	version:	r6700 firmware 1.0.4.120	Trust: 0.8
vendor:	ネットギア	model:	r6700	scope:	eq	version:	-	Trust: 0.8
vendor:	netgear	model:	nighthawk r6700	scope:	eq	version:	1.0.4.120	Trust: 0.6

sources: CNVD: CNVD-2022-02651 // JVNDB: JVNDB-2021-017370 // NVD: CVE-2021-23147

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-23147
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-23147
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-02651
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202112-2818
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-23147
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2022-02651
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-23147
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-23147
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-02651 // JVNDB: JVNDB-2021-017370 // CNNVD: CNNVD-202112-2818 // NVD: CVE-2021-23147

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017370 // NVD: CVE-2021-23147

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202112-2818

PATCH

title:	Top Page	url:	https://www.netgear.com/	Trust: 0.8
title:	Patch for Netgear Nighthawk R6700 Authorization Issue Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/312971	Trust: 0.6
title:	Netgear Nighthawk R6700 Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176865	Trust: 0.6

sources: CNVD: CNVD-2022-02651 // JVNDB: JVNDB-2021-017370 // CNNVD: CNNVD-202112-2818

EXTERNAL IDS

db:	NVD	id:	CVE-2021-23147	Trust: 3.9
db:	TENABLE	id:	TRA-2021-57	Trust: 2.5
db:	JVNDB	id:	JVNDB-2021-017370	Trust: 0.8
db:	CNVD	id:	CNVD-2022-02651	Trust: 0.6
db:	CS-HELP	id:	SB2022010310	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-2818	Trust: 0.6
db:	VULMON	id:	CVE-2021-23147	Trust: 0.1

sources: CNVD: CNVD-2022-02651 // VULMON: CVE-2021-23147 // JVNDB: JVNDB-2021-017370 // CNNVD: CNNVD-202112-2818 // NVD: CVE-2021-23147

REFERENCES

url:	https://www.tenable.com/security/research/tra-2021-57	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23147	Trust: 2.0
url:	https://www.cybersecurity-help.cz/vdb/sb2022010310	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-02651 // VULMON: CVE-2021-23147 // JVNDB: JVNDB-2021-017370 // CNNVD: CNNVD-202112-2818 // NVD: CVE-2021-23147

SOURCES

db:	CNVD	id:	CNVD-2022-02651
db:	VULMON	id:	CVE-2021-23147
db:	JVNDB	id:	JVNDB-2021-017370
db:	CNNVD	id:	CNNVD-202112-2818
db:	NVD	id:	CVE-2021-23147

LAST UPDATE DATE

2024-08-14T13:22:59.208000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-02651	date:	2022-01-17T00:00:00
db:	VULMON	id:	CVE-2021-23147	date:	2021-12-31T00:00:00
db:	JVNDB	id:	JVNDB-2021-017370	date:	2023-01-17T05:59:00
db:	CNNVD	id:	CNNVD-202112-2818	date:	2022-01-12T00:00:00
db:	NVD	id:	CVE-2021-23147	date:	2022-01-11T14:46:14.493

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-02651	date:	2022-01-12T00:00:00
db:	VULMON	id:	CVE-2021-23147	date:	2021-12-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-017370	date:	2023-01-17T00:00:00
db:	CNNVD	id:	CNNVD-202112-2818	date:	2021-12-30T00:00:00
db:	NVD	id:	CVE-2021-23147	date:	2021-12-30T22:15:09.903