Details of VAR-202112-2302

ID

VAR-202112-2302

CVE

CVE-2021-45647

TITLE

plural NETGEAR Device information disclosure vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-017539

DESCRIPTION

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EAX80 before 1.0.1.62, EX7000 before 1.0.1.104, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.68, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106. This affects EAX80 prior to 1.0.1.62, EX7000 prior to 1.0.1.104, R6120 prior to 1.0.0.76, R6220 prior to 1.1.0.110, R6230 prior to 1.1.0.110, R6260 prior to 1.1.0.78, R6850 prior to 1.1.0.78, R6350 prior to 1.1.0.78, R6330 prior to 1.1.0.78, R6800 prior to 1.2.0.76, R6900v2 prior to 1.2.0.76, R6700v2 prior to 1.2.0.76, R7000 prior to 1.0.11.116, R6900P prior to 1.3.3.140, R7000P prior to 1.3.3.140, R7200 prior to 1.2.0.76, R7350 prior to 1.2.0.76, R7400 prior to 1.2.0.76, R7450 prior to 1.2.0.76, AC2100 prior to 1.2.0.76, AC2400 prior to 1.2.0.76, AC2600 prior to 1.2.0.76, R7900 prior to 1.0.4.38, R7960P prior to 1.4.1.66, R8000 prior to 1.0.4.68, R7900P prior to 1.4.1.66, R8000P prior to 1.4.1.66, RAX15 prior to 1.0.2.82, RAX20 prior to 1.0.2.82, RAX200 prior to 1.0.3.106, RAX45 prior to 1.0.2.72, RAX50 prior to 1.0.2.72, RAX75 prior to 1.0.3.106, and RAX80 prior to 1.0.3.106

Trust: 1.71

sources: NVD: CVE-2021-45647 // JVNDB: JVNDB-2021-017539 // VULMON: CVE-2021-45647

AFFECTED PRODUCTS

vendor:	netgear	model:	rax45	scope:	lt	version:	1.0.2.72	Trust: 1.0
vendor:	netgear	model:	r7900	scope:	lt	version:	1.0.4.38	Trust: 1.0
vendor:	netgear	model:	ac2100	scope:	lt	version:	1.2.0.76	Trust: 1.0
vendor:	netgear	model:	rax75	scope:	lt	version:	1.0.3.106	Trust: 1.0
vendor:	netgear	model:	r7350	scope:	lt	version:	1.2.0.76	Trust: 1.0
vendor:	netgear	model:	r6350	scope:	lt	version:	1.1.0.78	Trust: 1.0
vendor:	netgear	model:	ac2400	scope:	lt	version:	1.2.0.76	Trust: 1.0
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.4.68	Trust: 1.0
vendor:	netgear	model:	rax20	scope:	lt	version:	1.0.2.82	Trust: 1.0
vendor:	netgear	model:	ac2600	scope:	lt	version:	1.2.0.76	Trust: 1.0
vendor:	netgear	model:	r7450	scope:	lt	version:	1.2.0.76	Trust: 1.0
vendor:	netgear	model:	r6900p	scope:	lt	version:	1.3.3.140	Trust: 1.0
vendor:	netgear	model:	r6700v2	scope:	lt	version:	1.2.0.76	Trust: 1.0
vendor:	netgear	model:	r6330	scope:	lt	version:	1.1.0.78	Trust: 1.0
vendor:	netgear	model:	r6800	scope:	lt	version:	1.2.0.76	Trust: 1.0
vendor:	netgear	model:	r7960p	scope:	lt	version:	1.4.1.66	Trust: 1.0
vendor:	netgear	model:	r7200	scope:	lt	version:	1.2.0.76	Trust: 1.0
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.11.116	Trust: 1.0
vendor:	netgear	model:	r6900v2	scope:	lt	version:	1.2.0.76	Trust: 1.0
vendor:	netgear	model:	r6120	scope:	lt	version:	1.0.0.76	Trust: 1.0
vendor:	netgear	model:	r8000p	scope:	lt	version:	1.4.1.66	Trust: 1.0
vendor:	netgear	model:	rax15	scope:	lt	version:	1.0.2.82	Trust: 1.0
vendor:	netgear	model:	r6230	scope:	lt	version:	1.1.0.110	Trust: 1.0
vendor:	netgear	model:	eax80	scope:	lt	version:	1.0.1.62	Trust: 1.0
vendor:	netgear	model:	r7400	scope:	lt	version:	1.2.0.76	Trust: 1.0
vendor:	netgear	model:	ex7000	scope:	lt	version:	1.0.1.104	Trust: 1.0
vendor:	netgear	model:	r7900p	scope:	lt	version:	1.4.1.66	Trust: 1.0
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.110	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.3.3.140	Trust: 1.0
vendor:	netgear	model:	rax50	scope:	lt	version:	1.0.2.72	Trust: 1.0
vendor:	netgear	model:	rax200	scope:	lt	version:	1.0.3.106	Trust: 1.0
vendor:	netgear	model:	r6850	scope:	lt	version:	1.1.0.78	Trust: 1.0
vendor:	netgear	model:	r6260	scope:	lt	version:	1.1.0.78	Trust: 1.0
vendor:	netgear	model:	rax80	scope:	lt	version:	1.0.3.106	Trust: 1.0
vendor:	ネットギア	model:	r6850	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6120	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6350	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6260	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6220	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	eax80	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6330	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6230	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-017539 // NVD: CVE-2021-45647

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-45647
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2021-45647
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-45647
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202112-2441
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-45647
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-45647
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-45647
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-45647
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-017539 // CNNVD: CNNVD-202112-2441 // NVD: CVE-2021-45647 // NVD: CVE-2021-45647

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017539 // NVD: CVE-2021-45647

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2441

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202112-2441

PATCH

title:	Security Advisory for Sensitive Information Disclosure on Some Routers and Extenders, PSV-2020-0184	url:	https://kb.netgear.com/000064118/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Extenders-PSV-2020-0184	Trust: 0.8
title:	Netgear NETGEAR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176203	Trust: 0.6

sources: JVNDB: JVNDB-2021-017539 // CNNVD: CNNVD-202112-2441

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45647	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-017539	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-2441	Trust: 0.6
db:	VULMON	id:	CVE-2021-45647	Trust: 0.1

sources: VULMON: CVE-2021-45647 // JVNDB: JVNDB-2021-017539 // CNNVD: CNNVD-202112-2441 // NVD: CVE-2021-45647

REFERENCES

url:	https://kb.netgear.com/000064118/security-advisory-for-sensitive-information-disclosure-on-some-routers-and-extenders-psv-2020-0184	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45647	Trust: 0.8
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-45647 // JVNDB: JVNDB-2021-017539 // CNNVD: CNNVD-202112-2441 // NVD: CVE-2021-45647

SOURCES

db:	VULMON	id:	CVE-2021-45647
db:	JVNDB	id:	JVNDB-2021-017539
db:	CNNVD	id:	CNNVD-202112-2441
db:	NVD	id:	CVE-2021-45647

LAST UPDATE DATE

2024-11-23T23:03:57.971000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45647	date:	2021-12-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-017539	date:	2023-01-25T01:50:00
db:	CNNVD	id:	CNNVD-202112-2441	date:	2022-01-11T00:00:00
db:	NVD	id:	CVE-2021-45647	date:	2024-11-21T06:32:46.533

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45647	date:	2021-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-017539	date:	2023-01-25T00:00:00
db:	CNNVD	id:	CNNVD-202112-2441	date:	2021-12-26T00:00:00
db:	NVD	id:	CVE-2021-45647	date:	2021-12-26T01:15:19.963