Details of VAR-202112-2221

ID

VAR-202112-2221

CVE

CVE-2021-45500

TITLE

plural NETGEAR Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-017139

DESCRIPTION

Certain NETGEAR devices are affected by authentication bypass. This affects R7000P before 1.3.3.140 and R8000 before 1.0.4.68. NETGEAR R7000P and R8000 Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects R7000P prior to 1.3.3.140 and R8000 prior to 1.0.4.68

Trust: 1.71

sources: NVD: CVE-2021-45500 // JVNDB: JVNDB-2021-017139 // VULMON: CVE-2021-45500

AFFECTED PRODUCTS

vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.4.68	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.3.3.140	Trust: 1.0
vendor:	ネットギア	model:	r8000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000p	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-017139 // NVD: CVE-2021-45500

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-45500
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2021-45500
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-45500
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202112-2326
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-45500
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-45500
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-45500
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-45500
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-45500
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-45500 // JVNDB: JVNDB-2021-017139 // CNNVD: CNNVD-202112-2326 // NVD: CVE-2021-45500 // NVD: CVE-2021-45500

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017139 // NVD: CVE-2021-45500

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202112-2326

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202112-2326

PATCH

title:	Security Advisory for Authentication Bypass on Some Routers, PSV-2019-0183	url:	https://kb.netgear.com/000064070/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2019-0183	Trust: 0.8
title:	Netgear NETGEAR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176066	Trust: 0.6

sources: JVNDB: JVNDB-2021-017139 // CNNVD: CNNVD-202112-2326

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45500	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-017139	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-2326	Trust: 0.6
db:	VULMON	id:	CVE-2021-45500	Trust: 0.1

sources: VULMON: CVE-2021-45500 // JVNDB: JVNDB-2021-017139 // CNNVD: CNNVD-202112-2326 // NVD: CVE-2021-45500

REFERENCES

url:	https://kb.netgear.com/000064070/security-advisory-for-authentication-bypass-on-some-routers-psv-2019-0183	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45500	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-45500 // JVNDB: JVNDB-2021-017139 // CNNVD: CNNVD-202112-2326 // NVD: CVE-2021-45500

SOURCES

db:	VULMON	id:	CVE-2021-45500
db:	JVNDB	id:	JVNDB-2021-017139
db:	CNNVD	id:	CNNVD-202112-2326
db:	NVD	id:	CVE-2021-45500

LAST UPDATE DATE

2024-11-23T22:57:50.420000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45500	date:	2022-01-05T00:00:00
db:	JVNDB	id:	JVNDB-2021-017139	date:	2023-01-05T02:24:00
db:	CNNVD	id:	CNNVD-202112-2326	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-45500	date:	2024-11-21T06:32:21.240

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45500	date:	2021-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-017139	date:	2023-01-05T00:00:00
db:	CNNVD	id:	CNNVD-202112-2326	date:	2021-12-26T00:00:00
db:	NVD	id:	CVE-2021-45500	date:	2021-12-26T01:15:12.883