Details of VAR-202112-2312

ID

VAR-202112-2312

CVE

CVE-2021-45637

TITLE

plural NETGEAR Out-of-bounds write vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-017542

DESCRIPTION

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6260 before 1.1.0.76, R6800 before 1.2.0.62, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, and AC2600 before 1.2.0.62. plural NETGEAR The device contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects R6260 prior to 1.1.0.76, R6800 prior to 1.2.0.62, R6700v2 prior to 1.2.0.62, R6900v2 prior to 1.2.0.62, R7450 prior to 1.2.0.62, AC2100 prior to 1.2.0.62, AC2400 prior to 1.2.0.62, and AC2600 prior to 1.2.0.62

Trust: 1.71

sources: NVD: CVE-2021-45637 // JVNDB: JVNDB-2021-017542 // VULMON: CVE-2021-45637

AFFECTED PRODUCTS

vendor:	netgear	model:	r6800	scope:	lt	version:	1.2.0.62	Trust: 1.0
vendor:	netgear	model:	r6260	scope:	lt	version:	1.1.0.76	Trust: 1.0
vendor:	netgear	model:	ac2600	scope:	lt	version:	1.2.0.62	Trust: 1.0
vendor:	netgear	model:	ac2100	scope:	lt	version:	1.2.0.62	Trust: 1.0
vendor:	netgear	model:	r6700v2	scope:	lt	version:	1.2.0.62	Trust: 1.0
vendor:	netgear	model:	r6900v2	scope:	lt	version:	1.2.0.62	Trust: 1.0
vendor:	netgear	model:	r7450	scope:	lt	version:	1.2.0.62	Trust: 1.0
vendor:	netgear	model:	ac2400	scope:	lt	version:	1.2.0.62	Trust: 1.0
vendor:	ネットギア	model:	ac2100	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6900v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6260	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6700v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ac2400	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ac2600	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7450	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-017542 // NVD: CVE-2021-45637

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-45637
value:	CRITICAL
Trust: 1.0
cve@mitre.org:	CVE-2021-45637
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-45637
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202112-2432
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-45637
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-45637
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-45637
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-45637
baseSeverity:	HIGH
baseScore:	8.3
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	5.5
version:	3.1
Trust: 1.0
NVD:	CVE-2021-45637
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-45637 // JVNDB: JVNDB-2021-017542 // CNNVD: CNNVD-202112-2432 // NVD: CVE-2021-45637 // NVD: CVE-2021-45637

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017542 // NVD: CVE-2021-45637

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2432

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202112-2432

PATCH

title:	Security Advisory for Pre-Authentication Stack Overflow on Some Routers, PSV-2019-0081	url:	https://kb.netgear.com/000064059/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-PSV-2019-0081	Trust: 0.8
title:	Netgear NETGEAR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176670	Trust: 0.6

sources: JVNDB: JVNDB-2021-017542 // CNNVD: CNNVD-202112-2432

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45637	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-017542	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-2432	Trust: 0.6
db:	VULMON	id:	CVE-2021-45637	Trust: 0.1

sources: VULMON: CVE-2021-45637 // JVNDB: JVNDB-2021-017542 // CNNVD: CNNVD-202112-2432 // NVD: CVE-2021-45637

REFERENCES

url:	https://kb.netgear.com/000064059/security-advisory-for-pre-authentication-stack-overflow-on-some-routers-psv-2019-0081	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45637	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-45637 // JVNDB: JVNDB-2021-017542 // CNNVD: CNNVD-202112-2432 // NVD: CVE-2021-45637

SOURCES

db:	VULMON	id:	CVE-2021-45637
db:	JVNDB	id:	JVNDB-2021-017542
db:	CNNVD	id:	CNNVD-202112-2432
db:	NVD	id:	CVE-2021-45637

LAST UPDATE DATE

2024-11-23T22:10:56.829000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45637	date:	2022-01-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-017542	date:	2023-01-25T02:01:00
db:	CNNVD	id:	CNNVD-202112-2432	date:	2022-01-10T00:00:00
db:	NVD	id:	CVE-2021-45637	date:	2024-11-21T06:32:44.553

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45637	date:	2021-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-017542	date:	2023-01-25T00:00:00
db:	CNNVD	id:	CNNVD-202112-2432	date:	2021-12-26T00:00:00
db:	NVD	id:	CVE-2021-45637	date:	2021-12-26T01:15:19.507