Details of VAR-202203-0651

ID

VAR-202203-0651

CVE

CVE-2021-44261

TITLE

Vulnerability related to lack of authentication for important functions in multiple NETGEAR products

Trust: 0.8

sources: JVNDB: JVNDB-2021-018883

DESCRIPTION

A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device. WAC104 firmware, R7450 firmware, R6900 Multiple NETGEAR products, such as firmware, have vulnerabilities related to lack of authentication for important functions.Information may be obtained. Netgear W104 is a wireless access point from Netgear Corporation of the United States. The vulnerability stems from the lack of protection and permission restrictions for sensitive information on the BRS_top.html page

Trust: 2.16

sources: NVD: CVE-2021-44261 // JVNDB: JVNDB-2021-018883 // CNVD: CNVD-2022-22305

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-22305

AFFECTED PRODUCTS

vendor:	netgear	model:	r7800	scope:	eq	version:	*	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	eq	version:	*	Trust: 1.0
vendor:	netgear	model:	wac104	scope:	lte	version:	1.0.4.13	Trust: 1.0
vendor:	netgear	model:	r6220	scope:	lte	version:	1.1.0.34_1.0.1	Trust: 1.0
vendor:	netgear	model:	r7450	scope:	eq	version:	*	Trust: 1.0
vendor:	ネットギア	model:	wac104	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6220	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6900	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7450	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7800	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	wac104	scope:	lte	version:	<=1.0.4.13	Trust: 0.6

sources: CNVD: CNVD-2022-22305 // JVNDB: JVNDB-2021-018883 // NVD: CVE-2021-44261

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-44261
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-44261
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-22305
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202203-1574
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-44261
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2022-22305
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-44261
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-44261
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-22305 // JVNDB: JVNDB-2021-018883 // CNNVD: CNNVD-202203-1574 // NVD: CVE-2021-44261

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	Lack of authentication for critical features (CWE-306) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-018883 // NVD: CVE-2021-44261

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-1574

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202203-1574

EXTERNAL IDS

db:	NVD	id:	CVE-2021-44261	Trust: 3.8
db:	JVNDB	id:	JVNDB-2021-018883	Trust: 0.8
db:	CNVD	id:	CNVD-2022-22305	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-1574	Trust: 0.6

sources: CNVD: CNVD-2022-22305 // JVNDB: JVNDB-2021-018883 // CNNVD: CNNVD-202203-1574 // NVD: CVE-2021-44261

REFERENCES

url:	https://github.com/zer0yu/cve_request/blob/master/netgear/netgear_w104_unauthorized_access_vulnerability_first.md	Trust: 2.4
url:	https://www.netgear.com/about/security/	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44261	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2021-44261/	Trust: 0.6

sources: CNVD: CNVD-2022-22305 // JVNDB: JVNDB-2021-018883 // CNNVD: CNNVD-202203-1574 // NVD: CVE-2021-44261

SOURCES

db:	CNVD	id:	CNVD-2022-22305
db:	JVNDB	id:	JVNDB-2021-018883
db:	CNNVD	id:	CNNVD-202203-1574
db:	NVD	id:	CVE-2021-44261

LAST UPDATE DATE

2024-11-23T22:24:57.780000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-22305	date:	2022-03-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-018883	date:	2023-07-10T08:22:00
db:	CNNVD	id:	CNNVD-202203-1574	date:	2022-03-24T00:00:00
db:	NVD	id:	CVE-2021-44261	date:	2024-11-21T06:30:40.947

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-22305	date:	2022-03-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-018883	date:	2023-07-10T00:00:00
db:	CNNVD	id:	CNNVD-202203-1574	date:	2022-03-17T00:00:00
db:	NVD	id:	CVE-2021-44261	date:	2022-03-17T13:15:07.550