ID

VAR-202112-2217


CVE

CVE-2021-45504


TITLE

Netgear NETGEAR Authorization problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202112-2348

DESCRIPTION

Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Trust: 0.99

sources: NVD: CVE-2021-45504 // VULMON: CVE-2021-45504

AFFECTED PRODUCTS

vendor: netgear, model: rbr852, scope: lt, version: 3.2.17.12

Trust: 1.0

vendor: netgear, model: rbs850, scope: lt, version: 3.2.17.12

Trust: 1.0

vendor: netgear, model: rbr850, scope: lt, version: 3.2.17.12

Trust: 1.0

vendor: netgear, model: cbr40, scope: lt, version: 2.5.0.24

Trust: 1.0

vendor: netgear, model: cbr750, scope: lt, version: 4.6.3.6

Trust: 1.0

sources: NVD: CVE-2021-45504

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-45504
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202112-2348
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-45504
value: HIGH

Trust: 0.1

VULMON: CVE-2021-45504
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2021-45504
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2021-45504 // CNNVD: CNNVD-202112-2348 // NVD: CVE-2021-45504

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

sources: NVD: CVE-2021-45504

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2348

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202112-2348

CONFIGURATIONS

sources: NVD: CVE-2021-45504

PATCH

title: Netgear NETGEAR Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=176146

Trust: 0.6

sources: CNNVD: CNNVD-202112-2348

EXTERNAL IDS

db: NVD, id: CVE-2021-45504

Trust: 1.7

db: CNNVD, id: CNNVD-202112-2348

Trust: 0.6

db: VULMON, id: CVE-2021-45504

Trust: 0.1

sources: VULMON: CVE-2021-45504 // CNNVD: CNNVD-202112-2348 // NVD: CVE-2021-45504

REFERENCES

url: https://kb.netgear.com/000064128/security-advisory-for-authentication-bypass-on-some-wifi-systems-psv-2020-0475

Trust: 1.7

url: https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-45504 // CNNVD: CNNVD-202112-2348 // NVD: CVE-2021-45504

SOURCES

db: VULMON, id: CVE-2021-45504
db: CNNVD, id: CNNVD-202112-2348
db: NVD, id: CVE-2021-45504

LAST UPDATE DATE

2022-05-04T10:07:01.182000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-45504, date: 2022-01-05T00:00:00
db: CNNVD, id: CNNVD-202112-2348, date: 2022-01-06T00:00:00
db: NVD, id: CVE-2021-45504, date: 2022-01-05T13:29:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-45504, date: 2021-12-26T00:00:00
db: CNNVD, id: CNNVD-202112-2348, date: 2021-12-26T00:00:00
db: NVD, id: CVE-2021-45504, date: 2021-12-26T01:15:00