Sign-up

ID

VAR-202112-2344


CVE

CVE-2021-45605


TITLE

plural  NETGEAR  Out-of-bounds write vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-017086

DESCRIPTION

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6400 before 1.0.1.68, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7900 before 1.0.4.38, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, and XR300 before 1.0.3.50. plural NETGEAR The device contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects R6400 prior to 1.0.1.68, R7000 prior to 1.0.11.116, R6900P prior to 1.3.3.140, R7000P prior to 1.3.3.140, R7900 prior to 1.0.4.38, RAX75 prior to 1.0.3.102, RAX80 prior to 1.0.3.102, and XR300 prior to 1.0.3.50

Trust: 1.71

sources: NVD: CVE-2021-45605 // JVNDB: JVNDB-2021-017086 // VULMON: CVE-2021-45605

AFFECTED PRODUCTS

vendor:netgearmodel:r7000scope:ltversion:1.0.11.116

Trust: 1.0

vendor:netgearmodel:rax75scope:ltversion:1.0.3.102

Trust: 1.0

vendor:netgearmodel:xr300scope:ltversion:1.0.3.50

Trust: 1.0

vendor:netgearmodel:r6900pscope:ltversion:1.3.3.140

Trust: 1.0

vendor:netgearmodel:r7900scope:ltversion:1.0.4.38

Trust: 1.0

vendor:netgearmodel:rax80scope:ltversion:1.0.3.102

Trust: 1.0

vendor:netgearmodel:r6400scope:ltversion:1.0.1.68

Trust: 1.0

vendor:netgearmodel:r7000pscope:ltversion:1.3.3.140

Trust: 1.0

vendor:ネットギアmodel:r6400scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rax75scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rax80scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r7000pscope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r7900scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r7000scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r6900pscope: - version: -

Trust: 0.8

vendor:ネットギアmodel:xr300scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-017086 // NVD: CVE-2021-45605

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-45605
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2021-45605
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-45605
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202112-2404
value: HIGH

Trust: 0.6

VULMON: CVE-2021-45605
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-45605
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2021-45605
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2021-45605
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.5
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-45605
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-45605 // JVNDB: JVNDB-2021-017086 // CNNVD: CNNVD-202112-2404 // NVD: CVE-2021-45605 // NVD: CVE-2021-45605

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-017086 // NVD: CVE-2021-45605

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2404

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202112-2404

PATCH

title:Security Advisory for Post-Authentication Stack Overflow on Some Routers, PSV-2019-0214url:https://kb.netgear.com/000064072/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2019-0214

Trust: 0.8

title:Netgear NETGEAR Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177125

Trust: 0.6

sources: JVNDB: JVNDB-2021-017086 // CNNVD: CNNVD-202112-2404

EXTERNAL IDS

db:NVDid:CVE-2021-45605

Trust: 3.3

db:JVNDBid:JVNDB-2021-017086

Trust: 0.8

db:CNNVDid:CNNVD-202112-2404

Trust: 0.6

db:VULMONid:CVE-2021-45605

Trust: 0.1

sources: VULMON: CVE-2021-45605 // JVNDB: JVNDB-2021-017086 // CNNVD: CNNVD-202112-2404 // NVD: CVE-2021-45605

REFERENCES

url:https://kb.netgear.com/000064072/security-advisory-for-post-authentication-stack-overflow-on-some-routers-psv-2019-0214

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-45605

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-45605 // JVNDB: JVNDB-2021-017086 // CNNVD: CNNVD-202112-2404 // NVD: CVE-2021-45605

SOURCES

db:VULMONid:CVE-2021-45605
db:JVNDBid:JVNDB-2021-017086
db:CNNVDid:CNNVD-202112-2404
db:NVDid:CVE-2021-45605

LAST UPDATE DATE

2024-11-23T23:03:57.922000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-45605date:2022-01-05T00:00:00
db:JVNDBid:JVNDB-2021-017086date:2023-01-04T01:52:00
db:CNNVDid:CNNVD-202112-2404date:2022-01-10T00:00:00
db:NVDid:CVE-2021-45605date:2024-11-21T06:32:38.927

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-45605date:2021-12-26T00:00:00
db:JVNDBid:JVNDB-2021-017086date:2023-01-04T00:00:00
db:CNNVDid:CNNVD-202112-2404date:2021-12-26T00:00:00
db:NVDid:CVE-2021-45605date:2021-12-26T01:15:17.947