Details of VAR-202112-2307

ID

VAR-202112-2307

CVE

CVE-2021-45642

TITLE

plural NETGEAR Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-017512

DESCRIPTION

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.64, EX6250 before 1.0.0.134, EX7700 before 1.0.0.222, LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, R8900 before 1.0.5.26, R9000 before 1.0.5.26, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.36, EX7320 before 1.0.0.134, RAX120 before 1.2.2.24, EX7300v2 before 1.0.0.134, RAX120v2 before 1.2.2.24, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22. plural NETGEAR There is an unspecified vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D7800 prior to 1.0.1.64, EX6250 prior to 1.0.0.134, EX7700 prior to 1.0.0.222, LBR20 prior to 2.6.3.50, RBS50Y prior to 2.7.3.22, R8900 prior to 1.0.5.26, R9000 prior to 1.0.5.26, XR450 prior to 2.3.2.66, XR500 prior to 2.3.2.66, XR700 prior to 1.0.1.36, EX7320 prior to 1.0.0.134, RAX120 prior to 1.2.2.24, EX7300v2 prior to 1.0.0.134, RAX120v2 prior to 1.2.2.24, EX6410 prior to 1.0.0.134, RBR10 prior to 2.7.3.22, RBR20 prior to 2.7.3.22, RBR40 prior to 2.7.3.22, RBR50 prior to 2.7.3.22, EX6420 prior to 1.0.0.134, RBS10 prior to 2.7.3.22, RBS20 prior to 2.7.3.22, RBS40 prior to 2.7.3.22, RBS50 prior to 2.7.3.22, EX6400v2 prior to 1.0.0.134, RBK12 prior to 2.7.3.22, RBK20 prior to 2.7.3.22, RBK40 prior to 2.7.3.22, and RBK50 prior to 2.7.3.22

Trust: 1.71

sources: NVD: CVE-2021-45642 // JVNDB: JVNDB-2021-017512 // VULMON: CVE-2021-45642

AFFECTED PRODUCTS

vendor:	netgear	model:	rax120	scope:	lt	version:	1.2.2.24	Trust: 1.0
vendor:	netgear	model:	r9000	scope:	lt	version:	1.0.5.26	Trust: 1.0
vendor:	netgear	model:	rbr10	scope:	lt	version:	2.7.3.22	Trust: 1.0
vendor:	netgear	model:	rbk12	scope:	lt	version:	2.7.3.22	Trust: 1.0
vendor:	netgear	model:	rbr20	scope:	lt	version:	2.7.3.22	Trust: 1.0
vendor:	netgear	model:	xr450	scope:	lt	version:	2.3.2.66	Trust: 1.0
vendor:	netgear	model:	ex6420	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	ex7320	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	lbr20	scope:	lt	version:	2.6.3.50	Trust: 1.0
vendor:	netgear	model:	xr700	scope:	lt	version:	1.0.1.36	Trust: 1.0
vendor:	netgear	model:	rbr50	scope:	lt	version:	2.7.3.22	Trust: 1.0
vendor:	netgear	model:	ex7700	scope:	lt	version:	1.0.0.222	Trust: 1.0
vendor:	netgear	model:	rbs50y	scope:	lt	version:	2.7.3.22	Trust: 1.0
vendor:	netgear	model:	rbr40	scope:	lt	version:	2.7.3.22	Trust: 1.0
vendor:	netgear	model:	rbk20	scope:	lt	version:	2.7.3.22	Trust: 1.0
vendor:	netgear	model:	rbs20	scope:	lt	version:	2.7.3.22	Trust: 1.0
vendor:	netgear	model:	ex6250	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	rbk40	scope:	lt	version:	2.7.3.22	Trust: 1.0
vendor:	netgear	model:	rbs50	scope:	lt	version:	2.7.3.22	Trust: 1.0
vendor:	netgear	model:	rbk50	scope:	lt	version:	2.7.3.22	Trust: 1.0
vendor:	netgear	model:	rax120v2	scope:	lt	version:	1.2.2.24	Trust: 1.0
vendor:	netgear	model:	rbs10	scope:	lt	version:	2.7.3.22	Trust: 1.0
vendor:	netgear	model:	xr500	scope:	lt	version:	2.3.2.66	Trust: 1.0
vendor:	netgear	model:	ex6410	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	ex7300v2	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	d7800	scope:	lt	version:	1.0.1.64	Trust: 1.0
vendor:	netgear	model:	r8900	scope:	lt	version:	1.0.5.26	Trust: 1.0
vendor:	netgear	model:	ex6400v2	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	rbs40	scope:	lt	version:	2.7.3.22	Trust: 1.0
vendor:	ネットギア	model:	r8900	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs50	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs10	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d7800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	lbr20	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs40	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs20	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs50y	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6250	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex7700	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-017512 // NVD: CVE-2021-45642

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-45642
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2021-45642
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-45642
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202112-2443
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-45642
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-45642
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-45642
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-45642
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	1.7
impactScore:	5.3
version:	3.1
Trust: 1.0
NVD:	CVE-2021-45642
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-45642 // JVNDB: JVNDB-2021-017512 // CNNVD: CNNVD-202112-2443 // NVD: CVE-2021-45642 // NVD: CVE-2021-45642

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017512 // NVD: CVE-2021-45642

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2443

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-2443

PATCH

title:	Security Advisory for Security Misconfiguration on Some Routers, Extenders, and WiFi Systems, PSV-2020-0427	url:	https://kb.netgear.com/000064491/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0427	Trust: 0.8
title:	Netgear NETGEAR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176679	Trust: 0.6

sources: JVNDB: JVNDB-2021-017512 // CNNVD: CNNVD-202112-2443

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45642	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-017512	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-2443	Trust: 0.6
db:	VULMON	id:	CVE-2021-45642	Trust: 0.1

sources: VULMON: CVE-2021-45642 // JVNDB: JVNDB-2021-017512 // CNNVD: CNNVD-202112-2443 // NVD: CVE-2021-45642

REFERENCES

url:	https://kb.netgear.com/000064491/security-advisory-for-security-misconfiguration-on-some-routers-extenders-and-wifi-systems-psv-2020-0427	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45642	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-45642 // JVNDB: JVNDB-2021-017512 // CNNVD: CNNVD-202112-2443 // NVD: CVE-2021-45642

SOURCES

db:	VULMON	id:	CVE-2021-45642
db:	JVNDB	id:	JVNDB-2021-017512
db:	CNNVD	id:	CNNVD-202112-2443
db:	NVD	id:	CVE-2021-45642

LAST UPDATE DATE

2024-11-23T22:57:50.369000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45642	date:	2022-01-12T00:00:00
db:	JVNDB	id:	JVNDB-2021-017512	date:	2023-01-24T05:15:00
db:	CNNVD	id:	CNNVD-202112-2443	date:	2022-01-13T00:00:00
db:	NVD	id:	CVE-2021-45642	date:	2024-11-21T06:32:45.523

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45642	date:	2021-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-017512	date:	2023-01-24T00:00:00
db:	CNNVD	id:	CNNVD-202112-2443	date:	2021-12-26T00:00:00
db:	NVD	id:	CVE-2021-45642	date:	2021-12-26T01:15:19.737