Details of VAR-202112-2419

ID

VAR-202112-2419

CVE

CVE-2021-45529

TITLE

plural NETGEAR Classic buffer overflow vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2021-017196

DESCRIPTION

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects CBR40 before 2.3.5.12, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R6400 before 1.0.1.70, R7000 before 1.0.11.126, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.30, R8000 before 1.0.4.52, and WNR3500Lv2 before 1.2.0.62. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects CBR40 prior to 2.3.5.12, D7000v2 prior to 1.0.0.66, D8500 prior to 1.0.3.58, R6400 prior to 1.0.1.70, R7000 prior to 1.0.11.126, R6900P prior to 1.3.2.124, R7000P prior to 1.3.2.124, R7900 prior to 1.0.4.30, R8000 prior to 1.0.4.52, and WNR3500Lv2 prior to 1.2.0.62

Trust: 1.71

sources: NVD: CVE-2021-45529 // JVNDB: JVNDB-2021-017196 // VULMON: CVE-2021-45529

AFFECTED PRODUCTS

vendor:	netgear	model:	r6900p	scope:	lt	version:	1.3.2.124	Trust: 1.0
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.4.52	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.1.70	Trust: 1.0
vendor:	netgear	model:	wnr3500lv2	scope:	lt	version:	1.2.0.62	Trust: 1.0
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.11.126	Trust: 1.0
vendor:	netgear	model:	r7900	scope:	lt	version:	1.0.4.30	Trust: 1.0
vendor:	netgear	model:	cbr40	scope:	lt	version:	2.3.5.12	Trust: 1.0
vendor:	netgear	model:	d8500	scope:	lt	version:	1.0.3.58	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.3.2.124	Trust: 1.0
vendor:	netgear	model:	d7000v2	scope:	lt	version:	1.0.0.66	Trust: 1.0
vendor:	ネットギア	model:	cbr40	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d7000v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7900p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d8500	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	wnr3500lv2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r8000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6900p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6400	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-017196 // NVD: CVE-2021-45529

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-45529
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2021-45529
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-45529
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202112-2344
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-45529
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-45529
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-45529
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-45529
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	1.5
impactScore:	5.3
version:	3.1
Trust: 1.0
NVD:	CVE-2021-45529
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-45529 // JVNDB: JVNDB-2021-017196 // CNNVD: CNNVD-202112-2344 // NVD: CVE-2021-45529 // NVD: CVE-2021-45529

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017196 // NVD: CVE-2021-45529

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2344

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-2344

PATCH

title:	Security Advisory for Post-Authentication Buffer Overflow on Some Routers, PSV-2019-0077	url:	https://kb.netgear.com/000064058/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2019-0077	Trust: 0.8
title:	NETGEAR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177100	Trust: 0.6

sources: JVNDB: JVNDB-2021-017196 // CNNVD: CNNVD-202112-2344

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45529	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-017196	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-2344	Trust: 0.6
db:	VULMON	id:	CVE-2021-45529	Trust: 0.1

sources: VULMON: CVE-2021-45529 // JVNDB: JVNDB-2021-017196 // CNNVD: CNNVD-202112-2344 // NVD: CVE-2021-45529

REFERENCES

url:	https://kb.netgear.com/000064058/security-advisory-for-post-authentication-buffer-overflow-on-some-routers-psv-2019-0077	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45529	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/120.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-45529 // JVNDB: JVNDB-2021-017196 // CNNVD: CNNVD-202112-2344 // NVD: CVE-2021-45529

SOURCES

db:	VULMON	id:	CVE-2021-45529
db:	JVNDB	id:	JVNDB-2021-017196
db:	CNNVD	id:	CNNVD-202112-2344
db:	NVD	id:	CVE-2021-45529

LAST UPDATE DATE

2024-11-23T22:15:58.570000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45529	date:	2022-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-017196	date:	2023-01-06T09:00:00
db:	CNNVD	id:	CNNVD-202112-2344	date:	2022-01-10T00:00:00
db:	NVD	id:	CVE-2021-45529	date:	2024-11-21T06:32:25.980

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45529	date:	2021-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-017196	date:	2023-01-06T00:00:00
db:	CNNVD	id:	CNNVD-202112-2344	date:	2021-12-26T00:00:00
db:	NVD	id:	CVE-2021-45529	date:	2021-12-26T01:15:14.303