CVE-2021-45603
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.
Determinados dispositivos NETGEAR están afectados por una divulgación de información confidencial. Una petición UPnP revela el número de serie de un dispositivo, que puede ser usado para restablecer la contraseña. Esto afecta a D7800 versiones anteriores a 1.0.1.66, a EX2700 versiones anteriores a 1.0.1.68, al WN3000RPv2 versiones anteriores a 1.0.0.90, al WN3000RPv3 versiones anteriores a 1.0.2.100, a LBR1020 versiones anteriores a 2.6.5.20, a LBR20 versiones anteriores a 2.6.5.32, a R6700AX versiones anteriores a 1.0.10.110, a R7800 versiones anteriores a 1.0.2.86, a R8900 versiones anteriores a 1. 0.5.38, R9000 versiones anteriores a 1.0.5.38, RAX10 versiones anteriores a 1.0.10.110, RAX120v1 versiones anteriores a 1.2.3.28, RAX120v2 versiones anteriores a 1.2.3.28, RAX70 versiones anteriores a 1.0.10.110, RAX78 versiones anteriores a 1.0.10.110, XR450 versiones anteriores a 2.3.2.130, XR500 versiones anteriores a 2.3.2.130 y XR700 versiones anteriores a 1.0.1.46
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-12-25 CVE Reserved
- 2021-12-26 CVE Published
- 2023-07-18 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171 | 2022-01-06 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netgear Search vendor "Netgear" | D7800 Firmware Search vendor "Netgear" for product "D7800 Firmware" | < 1.0.1.66 Search vendor "Netgear" for product "D7800 Firmware" and version " < 1.0.1.66" | - |
Affected
| in | Netgear Search vendor "Netgear" | D7800 Search vendor "Netgear" for product "D7800" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Ex2700 Firmware Search vendor "Netgear" for product "Ex2700 Firmware" | < 1.0.1.68 Search vendor "Netgear" for product "Ex2700 Firmware" and version " < 1.0.1.68" | - |
Affected
| in | Netgear Search vendor "Netgear" | Ex2700 Search vendor "Netgear" for product "Ex2700" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Wn3000rpv2 Firmware Search vendor "Netgear" for product "Wn3000rpv2 Firmware" | < 1.0.0.90 Search vendor "Netgear" for product "Wn3000rpv2 Firmware" and version " < 1.0.0.90" | - |
Affected
| in | Netgear Search vendor "Netgear" | Wn3000rpv2 Search vendor "Netgear" for product "Wn3000rpv2" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Wn3000rpv3 Firmware Search vendor "Netgear" for product "Wn3000rpv3 Firmware" | < 1.0.2.100 Search vendor "Netgear" for product "Wn3000rpv3 Firmware" and version " < 1.0.2.100" | - |
Affected
| in | Netgear Search vendor "Netgear" | Wn3000rpv3 Search vendor "Netgear" for product "Wn3000rpv3" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Lbr1020 Firmware Search vendor "Netgear" for product "Lbr1020 Firmware" | < 2.6.5.20 Search vendor "Netgear" for product "Lbr1020 Firmware" and version " < 2.6.5.20" | - |
Affected
| in | Netgear Search vendor "Netgear" | Lbr1020 Search vendor "Netgear" for product "Lbr1020" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Lbr20 Firmware Search vendor "Netgear" for product "Lbr20 Firmware" | < 2.6.5.32 Search vendor "Netgear" for product "Lbr20 Firmware" and version " < 2.6.5.32" | - |
Affected
| in | Netgear Search vendor "Netgear" | Lbr20 Search vendor "Netgear" for product "Lbr20" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | R6700ax Firmware Search vendor "Netgear" for product "R6700ax Firmware" | < 1.0.10.110 Search vendor "Netgear" for product "R6700ax Firmware" and version " < 1.0.10.110" | - |
Affected
| in | Netgear Search vendor "Netgear" | R6700ax Search vendor "Netgear" for product "R6700ax" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | R7800 Firmware Search vendor "Netgear" for product "R7800 Firmware" | < 1.0.2.86 Search vendor "Netgear" for product "R7800 Firmware" and version " < 1.0.2.86" | - |
Affected
| in | Netgear Search vendor "Netgear" | R7800 Search vendor "Netgear" for product "R7800" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | R8900 Firmware Search vendor "Netgear" for product "R8900 Firmware" | < 1.0.5.38 Search vendor "Netgear" for product "R8900 Firmware" and version " < 1.0.5.38" | - |
Affected
| in | Netgear Search vendor "Netgear" | R8900 Search vendor "Netgear" for product "R8900" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | R9000 Firmware Search vendor "Netgear" for product "R9000 Firmware" | < 1.0.5.38 Search vendor "Netgear" for product "R9000 Firmware" and version " < 1.0.5.38" | - |
Affected
| in | Netgear Search vendor "Netgear" | R9000 Search vendor "Netgear" for product "R9000" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Rax10 Firmware Search vendor "Netgear" for product "Rax10 Firmware" | < 1.0.10.110 Search vendor "Netgear" for product "Rax10 Firmware" and version " < 1.0.10.110" | - |
Affected
| in | Netgear Search vendor "Netgear" | Rax10 Search vendor "Netgear" for product "Rax10" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Rax120v1 Firmware Search vendor "Netgear" for product "Rax120v1 Firmware" | < 1.2.3.28 Search vendor "Netgear" for product "Rax120v1 Firmware" and version " < 1.2.3.28" | - |
Affected
| in | Netgear Search vendor "Netgear" | Rax120v1 Search vendor "Netgear" for product "Rax120v1" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Rax120v2 Firmware Search vendor "Netgear" for product "Rax120v2 Firmware" | < 1.2.3.28 Search vendor "Netgear" for product "Rax120v2 Firmware" and version " < 1.2.3.28" | - |
Affected
| in | Netgear Search vendor "Netgear" | Rax120v2 Search vendor "Netgear" for product "Rax120v2" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Rax70 Firmware Search vendor "Netgear" for product "Rax70 Firmware" | < 1.0.10.110 Search vendor "Netgear" for product "Rax70 Firmware" and version " < 1.0.10.110" | - |
Affected
| in | Netgear Search vendor "Netgear" | Rax70 Search vendor "Netgear" for product "Rax70" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Rax78 Firmware Search vendor "Netgear" for product "Rax78 Firmware" | < 1.0.10.110 Search vendor "Netgear" for product "Rax78 Firmware" and version " < 1.0.10.110" | - |
Affected
| in | Netgear Search vendor "Netgear" | Rax78 Search vendor "Netgear" for product "Rax78" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Xr450 Firmware Search vendor "Netgear" for product "Xr450 Firmware" | < 2.3.2.130 Search vendor "Netgear" for product "Xr450 Firmware" and version " < 2.3.2.130" | - |
Affected
| in | Netgear Search vendor "Netgear" | Xr450 Search vendor "Netgear" for product "Xr450" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Xr500 Firmware Search vendor "Netgear" for product "Xr500 Firmware" | < 2.3.2.130 Search vendor "Netgear" for product "Xr500 Firmware" and version " < 2.3.2.130" | - |
Affected
| in | Netgear Search vendor "Netgear" | Xr500 Search vendor "Netgear" for product "Xr500" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Xr700 Firmware Search vendor "Netgear" for product "Xr700 Firmware" | < 1.0.1.46 Search vendor "Netgear" for product "Xr700 Firmware" and version " < 1.0.1.46" | - |
Affected
| in | Netgear Search vendor "Netgear" | Xr700 Search vendor "Netgear" for product "Xr700" | - | - |
Safe
|