Details of VAR-202112-2209

ID

VAR-202112-2209

CVE

CVE-2021-45512

TITLE

plural NETGEAR Device cryptographic strength vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-017110

DESCRIPTION

Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX7000 before 1.0.1.90, R6250 before 1.0.4.42, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6900P before 1.3.2.124, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7900 before 1.0.4.26, R8000 before 1.0.4.58, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RS400 before 1.5.0.48, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50. plural NETGEAR The device has cryptographic strength vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D7000v2 prior to 1.0.0.62, D8500 prior to 1.0.3.50, EX3700 prior to 1.0.0.84, EX3800 prior to 1.0.0.84, EX6120 prior to 1.0.0.54, EX6130 prior to 1.0.0.36, EX7000 prior to 1.0.1.90, R6250 prior to 1.0.4.42, R6400v2 prior to 1.0.4.98, R6700v3 prior to 1.0.4.98, R6900P prior to 1.3.2.124, R7000 prior to 1.0.11.106, R7000P prior to 1.3.2.124, R7100LG prior to 1.0.0.56, R7900 prior to 1.0.4.26, R8000 prior to 1.0.4.58, R8300 prior to 1.0.2.134, R8500 prior to 1.0.2.134, RS400 prior to 1.5.0.48, WNR3500Lv2 prior to 1.2.0.62, and XR300 prior to 1.0.3.50

Trust: 1.71

sources: NVD: CVE-2021-45512 // JVNDB: JVNDB-2021-017110 // VULMON: CVE-2021-45512

AFFECTED PRODUCTS

vendor:	netgear	model:	r6900p	scope:	lt	version:	1.3.2.124	Trust: 1.0
vendor:	netgear	model:	ex6120	scope:	lt	version:	1.0.0.54	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.0.4.98	Trust: 1.0
vendor:	netgear	model:	r6250	scope:	lt	version:	1.0.4.42	Trust: 1.0
vendor:	netgear	model:	ex3700	scope:	lt	version:	1.0.0.84	Trust: 1.0
vendor:	netgear	model:	r7100lg	scope:	lt	version:	1.0.0.56	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.4.98	Trust: 1.0
vendor:	netgear	model:	ex7000	scope:	lt	version:	1.0.1.90	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.3.2.124	Trust: 1.0
vendor:	netgear	model:	ex3800	scope:	lt	version:	1.0.0.84	Trust: 1.0
vendor:	netgear	model:	ex6130	scope:	lt	version:	1.0.0.36	Trust: 1.0
vendor:	netgear	model:	d8500	scope:	lt	version:	1.0.3.50	Trust: 1.0
vendor:	netgear	model:	r8300	scope:	lt	version:	1.0.2.134	Trust: 1.0
vendor:	netgear	model:	rs400	scope:	lt	version:	1.5.0.48	Trust: 1.0
vendor:	netgear	model:	xr300	scope:	lt	version:	1.0.3.50	Trust: 1.0
vendor:	netgear	model:	wnr3500l	scope:	lt	version:	1.2.0.62	Trust: 1.0
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.134	Trust: 1.0
vendor:	netgear	model:	r7900	scope:	lt	version:	1.0.4.26	Trust: 1.0
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.0.62	Trust: 1.0
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.4.58	Trust: 1.0
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.11.106	Trust: 1.0
vendor:	ネットギア	model:	d7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d8500	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex3700	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex3800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6250	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6400	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6120	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6130	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6700	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-017110 // NVD: CVE-2021-45512

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-45512
value:	CRITICAL
Trust: 1.0
cve@mitre.org:	CVE-2021-45512
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-45512
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202112-2327
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-45512
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-45512
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-45512
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-45512
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	4.7
version:	3.1
Trust: 1.0
NVD:	CVE-2021-45512
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-45512 // JVNDB: JVNDB-2021-017110 // CNNVD: CNNVD-202112-2327 // NVD: CVE-2021-45512 // NVD: CVE-2021-45512

PROBLEMTYPE DATA

problemtype:	CWE-327	Trust: 1.0
problemtype:	Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017110 // NVD: CVE-2021-45512

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2327

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202112-2327

PATCH

title:	Security Advisory for Broken Cryptography on Some Routers and Extenders, PSV-2020-0134	url:	https://kb.netgear.com/000064117/Security-Advisory-for-Broken-Cryptography-on-Some-Routers-and-Extenders-PSV-2020-0134	Trust: 0.8
title:	Netgear WNR3500L and NETGEAR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176070	Trust: 0.6

sources: JVNDB: JVNDB-2021-017110 // CNNVD: CNNVD-202112-2327

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45512	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-017110	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-2327	Trust: 0.6
db:	VULMON	id:	CVE-2021-45512	Trust: 0.1

sources: VULMON: CVE-2021-45512 // JVNDB: JVNDB-2021-017110 // CNNVD: CNNVD-202112-2327 // NVD: CVE-2021-45512

REFERENCES

url:	https://kb.netgear.com/000064117/security-advisory-for-broken-cryptography-on-some-routers-and-extenders-psv-2020-0134	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45512	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/326.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-45512 // JVNDB: JVNDB-2021-017110 // CNNVD: CNNVD-202112-2327 // NVD: CVE-2021-45512

SOURCES

db:	VULMON	id:	CVE-2021-45512
db:	JVNDB	id:	JVNDB-2021-017110
db:	CNNVD	id:	CNNVD-202112-2327
db:	NVD	id:	CVE-2021-45512

LAST UPDATE DATE

2024-11-23T22:40:38.273000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45512	date:	2022-01-05T00:00:00
db:	JVNDB	id:	JVNDB-2021-017110	date:	2023-01-04T06:52:00
db:	CNNVD	id:	CNNVD-202112-2327	date:	2022-01-06T00:00:00
db:	NVD	id:	CVE-2021-45512	date:	2024-11-21T06:32:23.193

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45512	date:	2021-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-017110	date:	2023-01-04T00:00:00
db:	CNNVD	id:	CNNVD-202112-2327	date:	2021-12-26T00:00:00
db:	NVD	id:	CVE-2021-45512	date:	2021-12-26T01:15:13.487