Details of VAR-202112-2300

ID

VAR-202112-2300

CVE

CVE-2021-45649

TITLE

plural NETGEAR Device information disclosure vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-017046

DESCRIPTION

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R7000 before 1.0.11.126, R6900P before 1.3.2.126, and R7000P before 1.3.2.126. This affects R6400v2 prior to 1.0.4.84, R6700v3 prior to 1.0.4.84, R7000 prior to 1.0.11.126, R6900P prior to 1.3.2.126, and R7000P prior to 1.3.2.126

Trust: 1.71

sources: NVD: CVE-2021-45649 // JVNDB: JVNDB-2021-017046 // VULMON: CVE-2021-45649

AFFECTED PRODUCTS

vendor:	netgear	model:	r6400v2	scope:	lt	version:	1.0.4.84	Trust: 1.0
vendor:	netgear	model:	r6700v3	scope:	lt	version:	1.0.4.84	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.3.2.126	Trust: 1.0
vendor:	netgear	model:	r6900p	scope:	lt	version:	1.3.2.126	Trust: 1.0
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.11.126	Trust: 1.0
vendor:	ネットギア	model:	r6900p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6700v3	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6400v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-017046 // NVD: CVE-2021-45649

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-45649
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2021-45649
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-45649
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202112-2445
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-45649
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-45649
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-45649
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-45649
baseSeverity:	HIGH
baseScore:	7.9
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.5
impactScore:	5.8
version:	3.1
Trust: 1.0
NVD:	CVE-2021-45649
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-45649 // JVNDB: JVNDB-2021-017046 // CNNVD: CNNVD-202112-2445 // NVD: CVE-2021-45649 // NVD: CVE-2021-45649

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017046 // NVD: CVE-2021-45649

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-2445

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202112-2445

PATCH

title:	Security Advisory for Sensitive Information Disclosure on Some Routers, PSV-2019-0123	url:	https://kb.netgear.com/000064073/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-PSV-2019-0123	Trust: 0.8
title:	Netgear NETGEAR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176207	Trust: 0.6

sources: JVNDB: JVNDB-2021-017046 // CNNVD: CNNVD-202112-2445

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45649	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-017046	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-2445	Trust: 0.6
db:	VULMON	id:	CVE-2021-45649	Trust: 0.1

sources: VULMON: CVE-2021-45649 // JVNDB: JVNDB-2021-017046 // CNNVD: CNNVD-202112-2445 // NVD: CVE-2021-45649

REFERENCES

url:	https://kb.netgear.com/000064073/security-advisory-for-sensitive-information-disclosure-on-some-routers-psv-2019-0123	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45649	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-45649 // JVNDB: JVNDB-2021-017046 // CNNVD: CNNVD-202112-2445 // NVD: CVE-2021-45649

SOURCES

db:	VULMON	id:	CVE-2021-45649
db:	JVNDB	id:	JVNDB-2021-017046
db:	CNNVD	id:	CNNVD-202112-2445
db:	NVD	id:	CVE-2021-45649

LAST UPDATE DATE

2024-11-23T22:36:59.308000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45649	date:	2022-01-05T00:00:00
db:	JVNDB	id:	JVNDB-2021-017046	date:	2022-12-28T03:06:00
db:	CNNVD	id:	CNNVD-202112-2445	date:	2022-01-06T00:00:00
db:	NVD	id:	CVE-2021-45649	date:	2024-11-21T06:32:46.927

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45649	date:	2021-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-017046	date:	2022-12-28T00:00:00
db:	CNNVD	id:	CNNVD-202112-2445	date:	2021-12-26T00:00:00
db:	NVD	id:	CVE-2021-45649	date:	2021-12-26T01:15:20.057