Details of VAR-202112-2311

ID

VAR-202112-2311

CVE

CVE-2021-45638

TITLE

plural NETGEAR Out-of-bounds write vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-017543

DESCRIPTION

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.68, D6400 before 1.0.0.102, D7000v2 before 1.0.0.74, D8500 before 1.0.3.60, DC112A before 1.0.0.56, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R7000 before 1.0.11.116, R7100LG before 1.0.0.70, RBS40V before 2.6.2.8, RBW30 before 2.6.2.2, RS400 before 1.5.1.80, R7000P before 1.3.2.132, and R6900P before 1.3.2.132. plural NETGEAR The device contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D6220 prior to 1.0.0.68, D6400 prior to 1.0.0.102, D7000v2 prior to 1.0.0.74, D8500 prior to 1.0.3.60, DC112A prior to 1.0.0.56, R6300v2 prior to 1.0.4.50, R6400 prior to 1.0.1.68, R7000 prior to 1.0.11.116, R7100LG prior to 1.0.0.70, RBS40V prior to 2.6.2.8, RBW30 prior to 2.6.2.2, RS400 prior to 1.5.1.80, R7000P prior to 1.3.2.132, and R6900P prior to 1.3.2.132

Trust: 1.71

sources: NVD: CVE-2021-45638 // JVNDB: JVNDB-2021-017543 // VULMON: CVE-2021-45638

AFFECTED PRODUCTS

vendor:	netgear	model:	rbs40v	scope:	lt	version:	2.6.2.8	Trust: 1.0
vendor:	netgear	model:	rbw30	scope:	lt	version:	2.6.2.2	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.3.2.132	Trust: 1.0
vendor:	netgear	model:	d6220	scope:	lt	version:	1.0.0.68	Trust: 1.0
vendor:	netgear	model:	d7000v2	scope:	lt	version:	1.0.0.74	Trust: 1.0
vendor:	netgear	model:	rs400	scope:	lt	version:	1.5.1.80	Trust: 1.0
vendor:	netgear	model:	r6900p	scope:	lt	version:	1.3.2.132	Trust: 1.0
vendor:	netgear	model:	r7100lg	scope:	lt	version:	1.0.0.70	Trust: 1.0
vendor:	netgear	model:	dc112a	scope:	lt	version:	1.0.0.56	Trust: 1.0
vendor:	netgear	model:	d8500	scope:	lt	version:	1.0.3.60	Trust: 1.0
vendor:	netgear	model:	r6300v2	scope:	lt	version:	1.0.4.50	Trust: 1.0
vendor:	netgear	model:	d6400	scope:	lt	version:	1.0.0.102	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.1.68	Trust: 1.0
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.11.116	Trust: 1.0
vendor:	ネットギア	model:	r7100lg	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d6220	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d8500	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6300v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6400	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d7000v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d6400	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	dc112a	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-017543 // NVD: CVE-2021-45638

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-45638
value:	CRITICAL
Trust: 1.0
cve@mitre.org:	CVE-2021-45638
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-45638
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202112-2434
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2021-45638
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-45638
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-45638
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-45638
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-017543 // CNNVD: CNNVD-202112-2434 // NVD: CVE-2021-45638 // NVD: CVE-2021-45638

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017543 // NVD: CVE-2021-45638

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2434

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202112-2434

PATCH

title:	Security Advisory for Pre-Authentication Stack Overflow on Some Routers, PSV-2020-0464	url:	https://kb.netgear.com/000064496/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-PSV-2020-0464	Trust: 0.8
title:	Netgear NETGEAR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176672	Trust: 0.6

sources: JVNDB: JVNDB-2021-017543 // CNNVD: CNNVD-202112-2434

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45638	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-017543	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-2434	Trust: 0.6
db:	VULMON	id:	CVE-2021-45638	Trust: 0.1

sources: VULMON: CVE-2021-45638 // JVNDB: JVNDB-2021-017543 // CNNVD: CNNVD-202112-2434 // NVD: CVE-2021-45638

REFERENCES

url:	https://kb.netgear.com/000064496/security-advisory-for-pre-authentication-stack-overflow-on-some-routers-psv-2020-0464	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45638	Trust: 1.4
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-45638 // JVNDB: JVNDB-2021-017543 // CNNVD: CNNVD-202112-2434 // NVD: CVE-2021-45638

SOURCES

db:	VULMON	id:	CVE-2021-45638
db:	JVNDB	id:	JVNDB-2021-017543
db:	CNNVD	id:	CNNVD-202112-2434
db:	NVD	id:	CVE-2021-45638

LAST UPDATE DATE

2024-11-23T22:32:58.505000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45638	date:	2021-12-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-017543	date:	2023-01-25T02:01:00
db:	CNNVD	id:	CNNVD-202112-2434	date:	2022-01-11T00:00:00
db:	NVD	id:	CVE-2021-45638	date:	2024-11-21T06:32:44.717

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45638	date:	2021-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-017543	date:	2023-01-25T00:00:00
db:	CNNVD	id:	CNNVD-202112-2434	date:	2021-12-26T00:00:00
db:	NVD	id:	CVE-2021-45638	date:	2021-12-26T01:15:19.550