Details of VAR-202112-2298

ID

VAR-202112-2298

CVE

CVE-2021-45651

TITLE

plural NETGEAR Device information disclosure vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-016948

DESCRIPTION

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK50 before 2.7.3.22, RBR50 before 2.7.3.22, and RBS50 before 2.7.3.22. RBK50 , RBR50 , RBS50 There is a vulnerability related to information leakage.Information may be obtained. This affects RBK50 prior to 2.7.3.22, RBR50 prior to 2.7.3.22, and RBS50 prior to 2.7.3.22

Trust: 1.71

sources: NVD: CVE-2021-45651 // JVNDB: JVNDB-2021-016948 // VULMON: CVE-2021-45651

AFFECTED PRODUCTS

vendor:	netgear	model:	rbr50	scope:	lt	version:	2.7.3.22	Trust: 1.0
vendor:	netgear	model:	rbk50	scope:	lt	version:	2.7.3.22	Trust: 1.0
vendor:	netgear	model:	rbs50	scope:	lt	version:	2.7.3.22	Trust: 1.0
vendor:	ネットギア	model:	rbr50	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs50	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk50	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-016948 // NVD: CVE-2021-45651

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-45651
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2021-45651
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-45651
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202112-2447
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-45651
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-45651
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-45651
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-45651
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.4
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-45651
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-45651 // JVNDB: JVNDB-2021-016948 // CNNVD: CNNVD-202112-2447 // NVD: CVE-2021-45651 // NVD: CVE-2021-45651

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-016948 // NVD: CVE-2021-45651

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2447

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202112-2447

PATCH

title:	Security Advisory for Sensitive Information Disclosure on Some WiFi Systems, PSV-2017-3085	url:	https://kb.netgear.com/000064441/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-WiFi-Systems-PSV-2017-3085	Trust: 0.8
title:	Netgear NETGEAR Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177131	Trust: 0.6

sources: JVNDB: JVNDB-2021-016948 // CNNVD: CNNVD-202112-2447

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45651	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-016948	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-2447	Trust: 0.6
db:	VULMON	id:	CVE-2021-45651	Trust: 0.1

sources: VULMON: CVE-2021-45651 // JVNDB: JVNDB-2021-016948 // CNNVD: CNNVD-202112-2447 // NVD: CVE-2021-45651

REFERENCES

url:	https://kb.netgear.com/000064441/security-advisory-for-sensitive-information-disclosure-on-some-wifi-systems-psv-2017-3085	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45651	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-45651 // JVNDB: JVNDB-2021-016948 // CNNVD: CNNVD-202112-2447 // NVD: CVE-2021-45651

SOURCES

db:	VULMON	id:	CVE-2021-45651
db:	JVNDB	id:	JVNDB-2021-016948
db:	CNNVD	id:	CNNVD-202112-2447
db:	NVD	id:	CVE-2021-45651

LAST UPDATE DATE

2024-11-23T22:20:41.867000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45651	date:	2022-01-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-016948	date:	2022-12-27T05:13:00
db:	CNNVD	id:	CNNVD-202112-2447	date:	2022-01-05T00:00:00
db:	NVD	id:	CVE-2021-45651	date:	2024-11-21T06:32:47.247

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45651	date:	2021-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-016948	date:	2022-12-27T00:00:00
db:	CNNVD	id:	CNNVD-202112-2447	date:	2021-12-26T00:00:00
db:	NVD	id:	CVE-2021-45651	date:	2021-12-26T01:15:20.150