Vulnerabilites related to netgear - r6850
var-202112-2277
Vulnerability from variot
Certain NETGEAR devices are affected by Stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. This affects D6200 prior to 1.1.00.40, D7000 prior to 1.0.1.78, R6020 prior to 1.0.0.48, R6080 prior to 1.0.0.48, R6120 prior to 1.0.0.76, R6220 prior to 1.1.0.110, R6230 prior to 1.1.0.110, R6260 prior to 1.1.0.78, R6800 prior to 1.2.0.76, R6900v2 prior to 1.2.0.76, R6700v2 prior to 1.2.0.76, R6850 prior to 1.1.0.78, R7200 prior to 1.2.0.76, R7350 prior to 1.2.0.76, R7400 prior to 1.2.0.76, R7450 prior to 1.2.0.76, AC2100 prior to 1.2.0.76, AC2400 prior to 1.2.0.76, AC2600 prior to 1.2.0.76, and RAX40 prior to 1.0.3.62
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2277",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "d7000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.78"
},
{
"model": "ac2100",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r7350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "ac2400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "ac2600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r7450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6700v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r7200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6900v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.76"
},
{
"model": "r6230",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.110"
},
{
"model": "r7400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6080",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.48"
},
{
"model": "r6220",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.110"
},
{
"model": "r6020",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.48"
},
{
"model": "r6850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"model": "d6200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.00.40"
},
{
"model": "rax40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.62"
},
{
"model": "r6260",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"model": "r6230",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6900v2",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "d7000",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6220",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6020",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "d6200",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6260",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6800",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6080",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6120",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017026"
},
{
"db": "NVD",
"id": "CVE-2021-45672"
}
]
},
"cve": "CVE-2021-45672",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2021-45672",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2021-45672",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cve@mitre.org",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.1,
"id": "CVE-2021-45672",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-45672",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45672",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2021-45672",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-45672",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2467",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-45672",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45672"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017026"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2467"
},
{
"db": "NVD",
"id": "CVE-2021-45672"
},
{
"db": "NVD",
"id": "CVE-2021-45672"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by Stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. This affects D6200 prior to 1.1.00.40, D7000 prior to 1.0.1.78, R6020 prior to 1.0.0.48, R6080 prior to 1.0.0.48, R6120 prior to 1.0.0.76, R6220 prior to 1.1.0.110, R6230 prior to 1.1.0.110, R6260 prior to 1.1.0.78, R6800 prior to 1.2.0.76, R6900v2 prior to 1.2.0.76, R6700v2 prior to 1.2.0.76, R6850 prior to 1.1.0.78, R7200 prior to 1.2.0.76, R7350 prior to 1.2.0.76, R7400 prior to 1.2.0.76, R7450 prior to 1.2.0.76, AC2100 prior to 1.2.0.76, AC2400 prior to 1.2.0.76, AC2600 prior to 1.2.0.76, and RAX40 prior to 1.0.3.62",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45672"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017026"
},
{
"db": "VULMON",
"id": "CVE-2021-45672"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45672",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017026",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2467",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-45672",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45672"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017026"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2467"
},
{
"db": "NVD",
"id": "CVE-2021-45672"
}
]
},
"id": "VAR-202112-2277",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41049454545454545
},
"last_update_date": "2024-11-23T22:20:41.891000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Stored\u00a0Cross\u00a0Site\u00a0Scripting\u00a0on\u00a0Some\u00a0Routers,\u00a0PSV-2019-0244",
"trust": 0.8,
"url": "https://kb.netgear.com/000064075/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2019-0244"
},
{
"title": "Netgear NETGEAR Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175888"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017026"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2467"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017026"
},
{
"db": "NVD",
"id": "CVE-2021-45672"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.netgear.com/000064075/security-advisory-for-stored-cross-site-scripting-on-some-routers-psv-2019-0244"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45672"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45672"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017026"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2467"
},
{
"db": "NVD",
"id": "CVE-2021-45672"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-45672"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017026"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2467"
},
{
"db": "NVD",
"id": "CVE-2021-45672"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-26T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45672"
},
{
"date": "2022-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017026"
},
{
"date": "2021-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2467"
},
{
"date": "2021-12-26T01:15:21.103000",
"db": "NVD",
"id": "CVE-2021-45672"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-05T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45672"
},
{
"date": "2022-12-27T23:51:00",
"db": "JVNDB",
"id": "JVNDB-2021-017026"
},
{
"date": "2022-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2467"
},
{
"date": "2024-11-21T06:32:50.727000",
"db": "NVD",
"id": "CVE-2021-45672"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2467"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Cross-site scripting vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017026"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2467"
}
],
"trust": 0.6
}
}
var-202102-0338
Vulnerability from variot
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653. plural NETGEAR The product contains a command injection vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-11653 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "r6230",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.104"
},
{
"_id": null,
"model": "r6020",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.48"
},
{
"_id": null,
"model": "r7450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r6850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"_id": null,
"model": "ac2600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "ac2400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r7200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "ac2100",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r6080",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.48"
},
{
"_id": null,
"model": "r6330",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"_id": null,
"model": "r6700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r7400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r6900",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r6220",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.104"
},
{
"_id": null,
"model": "r6800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r6120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.76"
},
{
"_id": null,
"model": "r6350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"_id": null,
"model": "r6260",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"_id": null,
"model": "r7350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "ac2600",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r7400",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r7350",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r7200",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "ac2100",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r6800",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r7450",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r6700",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "ac2400",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r6900",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "multiple routers",
"scope": null,
"trust": 0.7,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1423"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015991"
},
{
"db": "NVD",
"id": "CVE-2020-27867"
}
]
},
"credits": {
"_id": null,
"data": "1sd3d",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1423"
}
],
"trust": 0.7
},
"cve": "CVE-2020-27867",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "CVE-2020-27867",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2020-27867",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2020-27867",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2020-27867",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-27867",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2020-27867",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-27867",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2020-27867",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-1091",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-27867",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1423"
},
{
"db": "VULMON",
"id": "CVE-2020-27867"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015991"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1091"
},
{
"db": "NVD",
"id": "CVE-2020-27867"
},
{
"db": "NVD",
"id": "CVE-2020-27867"
}
]
},
"description": {
"_id": null,
"data": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653. plural NETGEAR The product contains a command injection vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-11653 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27867"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015991"
},
{
"db": "ZDI",
"id": "ZDI-20-1423"
},
{
"db": "VULMON",
"id": "CVE-2020-27867"
}
],
"trust": 2.34
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-27867",
"trust": 3.2
},
{
"db": "ZDI",
"id": "ZDI-20-1423",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015991",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11653",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1091",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-27867",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1423"
},
{
"db": "VULMON",
"id": "CVE-2020-27867"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015991"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1091"
},
{
"db": "NVD",
"id": "CVE-2020-27867"
}
]
},
"id": "VAR-202102-0338",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.33938984250000004
},
"last_update_date": "2024-11-23T22:47:49.772000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Password\u00a0Recovery\u00a0Vulnerabilities\u00a0on\u00a0Some\u00a0Routers",
"trust": 1.5,
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"title": "Repair measures for command injection vulnerabilities in multiple products",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142371"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1423"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015991"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1091"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015991"
},
{
"db": "NVD",
"id": "CVE-2020-27867"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-1423/"
},
{
"trust": 2.4,
"url": "https://kb.netgear.com/000062641/security-advisory-for-password-recovery-vulnerabilities-on-some-routers"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27867"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1423"
},
{
"db": "VULMON",
"id": "CVE-2020-27867"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015991"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1091"
},
{
"db": "NVD",
"id": "CVE-2020-27867"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-20-1423",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-27867",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015991",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1091",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-27867",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-12-21T00:00:00",
"db": "ZDI",
"id": "ZDI-20-1423",
"ident": null
},
{
"date": "2021-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27867",
"ident": null
},
{
"date": "2021-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015991",
"ident": null
},
{
"date": "2021-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1091",
"ident": null
},
{
"date": "2021-02-12T00:15:12.970000",
"db": "NVD",
"id": "CVE-2020-27867",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-12-21T00:00:00",
"db": "ZDI",
"id": "ZDI-20-1423",
"ident": null
},
{
"date": "2021-03-26T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27867",
"ident": null
},
{
"date": "2021-10-29T09:02:00",
"db": "JVNDB",
"id": "JVNDB-2020-015991",
"ident": null
},
{
"date": "2021-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1091",
"ident": null
},
{
"date": "2024-11-21T05:21:57.877000",
"db": "NVD",
"id": "CVE-2020-27867",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1091"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural \u00a0NETGEAR\u00a0 Command injection vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015991"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1091"
}
],
"trust": 0.6
}
}
var-202112-2210
Vulnerability from variot
plural NETGEAR There is an unspecified vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 prior to 2021-08-27, AC2400 prior to 2021-08-27, AC2600 prior to 2021-08-27, D7000 prior to 2021-08-27, R6220 prior to 2021-08-27, R6230 prior to 2021-08-27, R6260 prior to 2021-08-27, R6330 prior to 2021-08-27, R6350 prior to 2021-08-27, R6700v2 prior to 2021-08-27, R6800 prior to 2021-08-27, R6850 prior to 2021-08-27, R6900v2 prior to 2021-08-27, R7200 prior to 2021-08-27, R7350 prior to 2021-08-27, R7400 prior to 2021-08-27, and R7450 prior to 2021-08-27
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2210",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac2100",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6900v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6230",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.110"
},
{
"model": "ac2400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r6350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r7400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r7350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "ac2600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6220",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.110"
},
{
"model": "r6800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r7450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6330",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "d7000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.80"
},
{
"model": "r6700v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6260",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r7200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6230",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "ac2600",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "ac2400",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6260",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "ac2100",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "d7000",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6350",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6220",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6700v2",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6330",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017201"
},
{
"db": "NVD",
"id": "CVE-2021-45511"
}
]
},
"cve": "CVE-2021-45511",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-45511",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-45511",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2021-45511",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-45511",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45511",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "cve@mitre.org",
"id": "CVE-2021-45511",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-45511",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2325",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-45511",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45511"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017201"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2325"
},
{
"db": "NVD",
"id": "CVE-2021-45511"
},
{
"db": "NVD",
"id": "CVE-2021-45511"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR There is an unspecified vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 prior to 2021-08-27, AC2400 prior to 2021-08-27, AC2600 prior to 2021-08-27, D7000 prior to 2021-08-27, R6220 prior to 2021-08-27, R6230 prior to 2021-08-27, R6260 prior to 2021-08-27, R6330 prior to 2021-08-27, R6350 prior to 2021-08-27, R6700v2 prior to 2021-08-27, R6800 prior to 2021-08-27, R6850 prior to 2021-08-27, R6900v2 prior to 2021-08-27, R7200 prior to 2021-08-27, R7350 prior to 2021-08-27, R7400 prior to 2021-08-27, and R7450 prior to 2021-08-27",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017201"
},
{
"db": "VULMON",
"id": "CVE-2021-45511"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45511",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017201",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2325",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-45511",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45511"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017201"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2325"
},
{
"db": "NVD",
"id": "CVE-2021-45511"
}
]
},
"id": "VAR-202112-2210",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4818319283333334
},
"last_update_date": "2024-11-23T22:25:01.669000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Authentication\u00a0Bypass\u00a0Vulnerability\u00a0on\u00a0the\u00a0D7000\u00a0and\u00a0Some\u00a0Routers,\u00a0PSV-2021-0133",
"trust": 0.8,
"url": "https://kb.netgear.com/000063961/Security-Advisory-for-Authentication-Bypass-Vulnerability-on-the-D7000-and-Some-Routers-PSV-2021-0133"
},
{
"title": "Netgear NETGEAR Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176062"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017201"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2325"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017201"
},
{
"db": "NVD",
"id": "CVE-2021-45511"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.netgear.com/000063961/security-advisory-for-authentication-bypass-vulnerability-on-the-d7000-and-some-routers-psv-2021-0133"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45511"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45511"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017201"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2325"
},
{
"db": "NVD",
"id": "CVE-2021-45511"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-45511"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017201"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2325"
},
{
"db": "NVD",
"id": "CVE-2021-45511"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-26T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45511"
},
{
"date": "2023-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017201"
},
{
"date": "2021-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2325"
},
{
"date": "2021-12-26T01:15:13.437000",
"db": "NVD",
"id": "CVE-2021-45511"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-06T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45511"
},
{
"date": "2023-01-10T01:47:00",
"db": "JVNDB",
"id": "JVNDB-2021-017201"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2325"
},
{
"date": "2024-11-21T06:32:23.030000",
"db": "NVD",
"id": "CVE-2021-45511"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2325"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017201"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2325"
}
],
"trust": 0.6
}
}
var-202103-1271
Vulnerability from variot
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400 before 1.5.0.48, R6400 before 1.0.1.62, R6700 before 1.0.2.16, R6900 before 1.0.2.16, MK60 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, CBR40 before 2.5.0.10, R8000P before 1.4.1.62, R7960P before 1.4.1.62, R7900P before 1.4.1.62, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, EX7500 before 1.0.0.68, EAX80 before 1.0.1.62, EAX20 before 1.0.0.36, RBK752 before 3.2.16.6, RBK753 before 3.2.16.6, RBK753S before 3.2.16.6, RBK754 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBK853 before 3.2.16.6, RBK854 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6850 before 1.1.0.76, R6350 before 1.1.0.76, R6330 before 1.1.0.76, D7800 before 1.0.1.58, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK23 before 2.6.1.36, RBR20 before 2.6.1.38, RBS20 before 2.6.1.38, RBK12 before 2.6.1.44, RBK13 before 2.6.1.44, RBK14 before 2.6.1.44, RBK15 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, R6800 before 1.2.0.72, R6900v2 before 1.2.0.72, R6700v2 before 1.2.0.72, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, R7800 before 1.0.2.74, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.34, and XR300 before 1.0.3.50. plural NETGEAR A classic buffer overflow vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This affects R6700v3 prior to 1.0.4.98, R6400v2 prior to 1.0.4.98, R7000 prior to 1.0.11.106, R6900P prior to 1.3.2.124, R7000P prior to 1.3.2.124, R7900 prior to 1.0.4.26, R7850 prior to 1.0.5.60, R8000 prior to 1.0.4.58, RS400 prior to 1.5.0.48, R6400 prior to 1.0.1.62, R6700 prior to 1.0.2.16, R6900 prior to 1.0.2.16, MK60 prior to 1.0.5.102, MR60 prior to 1.0.5.102, MS60 prior to 1.0.5.102, CBR40 prior to 2.5.0.10, R8000P prior to 1.4.1.62, R7960P prior to 1.4.1.62, R7900P prior to 1.4.1.62, RAX15 prior to 1.0.1.64, RAX20 prior to 1.0.1.64, RAX75 prior to 1.0.3.102, RAX80 prior to 1.0.3.102, RAX200 prior to 1.0.2.102, RAX45 prior to 1.0.2.64, RAX50 prior to 1.0.2.64, EX7500 prior to 1.0.0.68, EAX80 prior to 1.0.1.62, EAX20 prior to 1.0.0.36, RBK752 prior to 3.2.16.6, RBK753 prior to 3.2.16.6, RBK753S prior to 3.2.16.6, RBK754 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBK852 prior to 3.2.16.6, RBK853 prior to 3.2.16.6, RBK854 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, RBS850 prior to 3.2.16.6, RBR840 prior to 3.2.16.6, RBS840 prior to 3.2.16.6, R6120 prior to 1.0.0.70, R6220 prior to 1.1.0.100, R6230 prior to 1.1.0.100, R6260 prior to 1.1.0.76, R6850 prior to 1.1.0.76, R6350 prior to 1.1.0.76, R6330 prior to 1.1.0.76, D7800 prior to 1.0.1.58, RBK50 prior to 2.6.1.40, RBR50 prior to 2.6.1.40, RBS50 prior to 2.6.1.40, RBK40 prior to 2.6.1.36, RBR40 prior to 2.6.1.36, RBS40 prior to 2.6.1.38, RBK23 prior to 2.6.1.36, RBR20 prior to 2.6.1.38, RBS20 prior to 2.6.1.38, RBK12 prior to 2.6.1.44, RBK13 prior to 2.6.1.44, RBK14 prior to 2.6.1.44, RBK15 prior to 2.6.1.44, RBR10 prior to 2.6.1.44, RBS10 prior to 2.6.1.44, R6800 prior to 1.2.0.72, R6900v2 prior to 1.2.0.72, R6700v2 prior to 1.2.0.72, R7200 prior to 1.2.0.72, R7350 prior to 1.2.0.72, R7400 prior to 1.2.0.72, R7450 prior to 1.2.0.72, AC2100 prior to 1.2.0.72, AC2400 prior to 1.2.0.72, AC2600 prior to 1.2.0.72, R7800 prior to 1.0.2.74, R8900 prior to 1.0.5.24, R9000 prior to 1.0.5.24, RAX120 prior to 1.0.1.136, XR450 prior to 2.3.2.66, XR500 prior to 2.3.2.66, XR700 prior to 1.0.1.34, and XR300 prior to 1.0.3.50
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1271",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r6900",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "ms60",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.102"
},
{
"model": "rax200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.102"
},
{
"model": "r7400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "rbr50",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.40"
},
{
"model": "r6900",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.16"
},
{
"model": "r7350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "rbs850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "rbk50",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.40"
},
{
"model": "rbk12",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.44"
},
{
"model": "rbs750",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "rbr40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.36"
},
{
"model": "rbs10",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.44"
},
{
"model": "rax120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.136"
},
{
"model": "rax75",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.102"
},
{
"model": "r9000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.24"
},
{
"model": "rbk854",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "eax80",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.62"
},
{
"model": "r7800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.74"
},
{
"model": "r7900",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.26"
},
{
"model": "ac2100",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "rbk753",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "xr300",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.50"
},
{
"model": "d7800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.58"
},
{
"model": "rax50",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.64"
},
{
"model": "rbr20",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"model": "r6260",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.76"
},
{
"model": "r8900",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.24"
},
{
"model": "rbk14",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.44"
},
{
"model": "r6120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.70"
},
{
"model": "xr700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.34"
},
{
"model": "ex7500",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.68"
},
{
"model": "rbk23",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.36"
},
{
"model": "xr500",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.3.2.66"
},
{
"model": "rbr840",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r7960p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.4.1.62"
},
{
"model": "rbk15",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.44"
},
{
"model": "ac2600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "rbs50",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.40"
},
{
"model": "rax20",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.64"
},
{
"model": "rbs20",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"model": "cbr40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.5.0.10"
},
{
"model": "ac2400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "rbr850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r6220",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.70"
},
{
"model": "r6330",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.76"
},
{
"model": "rbk852",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r8000p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.4.1.62"
},
{
"model": "rbk853",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r6900p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.3.2.124"
},
{
"model": "r6800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "xr450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.3.2.66"
},
{
"model": "r6400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.98"
},
{
"model": "rs400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.5.0.48"
},
{
"model": "r6350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.76"
},
{
"model": "r6700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.98"
},
{
"model": "r7000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.11.106"
},
{
"model": "rbk13",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.44"
},
{
"model": "r7850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.60"
},
{
"model": "r6400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.62"
},
{
"model": "mr60",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.102"
},
{
"model": "eax20",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.36"
},
{
"model": "rbk842",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "rbr750",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r7200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "r6700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "r8000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.58"
},
{
"model": "rax80",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.102"
},
{
"model": "rbk754",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r6700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.16"
},
{
"model": "rax45",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.64"
},
{
"model": "rbk753s",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r6230",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.70"
},
{
"model": "rbs40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"model": "rax15",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.64"
},
{
"model": "rbk752",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r6850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.76"
},
{
"model": "rbk40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.36"
},
{
"model": "r7450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "rbs840",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r7900p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.4.1.62"
},
{
"model": "r7000p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.3.2.124"
},
{
"model": "mk60",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.102"
},
{
"model": "rbr10",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.44"
},
{
"model": "r6900p",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r7000p",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r7000",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r7850",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6400",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r7900",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r8000",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6700",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005326"
},
{
"db": "NVD",
"id": "CVE-2021-29068"
}
]
},
"cve": "CVE-2021-29068",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-29068",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-29068",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"id": "CVE-2021-29068",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-29068",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-29068",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2021-29068",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-29068",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1360",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-29068",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-29068"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005326"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1360"
},
{
"db": "NVD",
"id": "CVE-2021-29068"
},
{
"db": "NVD",
"id": "CVE-2021-29068"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400 before 1.5.0.48, R6400 before 1.0.1.62, R6700 before 1.0.2.16, R6900 before 1.0.2.16, MK60 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, CBR40 before 2.5.0.10, R8000P before 1.4.1.62, R7960P before 1.4.1.62, R7900P before 1.4.1.62, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, EX7500 before 1.0.0.68, EAX80 before 1.0.1.62, EAX20 before 1.0.0.36, RBK752 before 3.2.16.6, RBK753 before 3.2.16.6, RBK753S before 3.2.16.6, RBK754 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBK853 before 3.2.16.6, RBK854 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6850 before 1.1.0.76, R6350 before 1.1.0.76, R6330 before 1.1.0.76, D7800 before 1.0.1.58, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK23 before 2.6.1.36, RBR20 before 2.6.1.38, RBS20 before 2.6.1.38, RBK12 before 2.6.1.44, RBK13 before 2.6.1.44, RBK14 before 2.6.1.44, RBK15 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, R6800 before 1.2.0.72, R6900v2 before 1.2.0.72, R6700v2 before 1.2.0.72, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, R7800 before 1.0.2.74, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.34, and XR300 before 1.0.3.50. plural NETGEAR A classic buffer overflow vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This affects R6700v3 prior to 1.0.4.98, R6400v2 prior to 1.0.4.98, R7000 prior to 1.0.11.106, R6900P prior to 1.3.2.124, R7000P prior to 1.3.2.124, R7900 prior to 1.0.4.26, R7850 prior to 1.0.5.60, R8000 prior to 1.0.4.58, RS400 prior to 1.5.0.48, R6400 prior to 1.0.1.62, R6700 prior to 1.0.2.16, R6900 prior to 1.0.2.16, MK60 prior to 1.0.5.102, MR60 prior to 1.0.5.102, MS60 prior to 1.0.5.102, CBR40 prior to 2.5.0.10, R8000P prior to 1.4.1.62, R7960P prior to 1.4.1.62, R7900P prior to 1.4.1.62, RAX15 prior to 1.0.1.64, RAX20 prior to 1.0.1.64, RAX75 prior to 1.0.3.102, RAX80 prior to 1.0.3.102, RAX200 prior to 1.0.2.102, RAX45 prior to 1.0.2.64, RAX50 prior to 1.0.2.64, EX7500 prior to 1.0.0.68, EAX80 prior to 1.0.1.62, EAX20 prior to 1.0.0.36, RBK752 prior to 3.2.16.6, RBK753 prior to 3.2.16.6, RBK753S prior to 3.2.16.6, RBK754 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBK852 prior to 3.2.16.6, RBK853 prior to 3.2.16.6, RBK854 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, RBS850 prior to 3.2.16.6, RBR840 prior to 3.2.16.6, RBS840 prior to 3.2.16.6, R6120 prior to 1.0.0.70, R6220 prior to 1.1.0.100, R6230 prior to 1.1.0.100, R6260 prior to 1.1.0.76, R6850 prior to 1.1.0.76, R6350 prior to 1.1.0.76, R6330 prior to 1.1.0.76, D7800 prior to 1.0.1.58, RBK50 prior to 2.6.1.40, RBR50 prior to 2.6.1.40, RBS50 prior to 2.6.1.40, RBK40 prior to 2.6.1.36, RBR40 prior to 2.6.1.36, RBS40 prior to 2.6.1.38, RBK23 prior to 2.6.1.36, RBR20 prior to 2.6.1.38, RBS20 prior to 2.6.1.38, RBK12 prior to 2.6.1.44, RBK13 prior to 2.6.1.44, RBK14 prior to 2.6.1.44, RBK15 prior to 2.6.1.44, RBR10 prior to 2.6.1.44, RBS10 prior to 2.6.1.44, R6800 prior to 1.2.0.72, R6900v2 prior to 1.2.0.72, R6700v2 prior to 1.2.0.72, R7200 prior to 1.2.0.72, R7350 prior to 1.2.0.72, R7400 prior to 1.2.0.72, R7450 prior to 1.2.0.72, AC2100 prior to 1.2.0.72, AC2400 prior to 1.2.0.72, AC2600 prior to 1.2.0.72, R7800 prior to 1.0.2.74, R8900 prior to 1.0.5.24, R9000 prior to 1.0.5.24, RAX120 prior to 1.0.1.136, XR450 prior to 2.3.2.66, XR500 prior to 2.3.2.66, XR700 prior to 1.0.1.34, and XR300 prior to 1.0.3.50",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-29068"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005326"
},
{
"db": "VULMON",
"id": "CVE-2021-29068"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-29068",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005326",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1360",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-29068",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-29068"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005326"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1360"
},
{
"db": "NVD",
"id": "CVE-2021-29068"
}
]
},
"id": "VAR-202103-1271",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3117663121621622
},
"last_update_date": "2024-11-23T23:04:04.570000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Post-Authentication\u00a0Buffer\u00a0Overflow\u00a0on\u00a0Some\u00a0Routers,\u00a0Extenders,\u00a0and\u00a0WiFi\u00a0Systems\u00a0,\u00a0PSV-2020-0155",
"trust": 0.8,
"url": "https://kb.netgear.com/000063021/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0155"
},
{
"title": "Netgear NETGEAR Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145681"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005326"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1360"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005326"
},
{
"db": "NVD",
"id": "CVE-2021-29068"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.netgear.com/000063021/security-advisory-for-post-authentication-buffer-overflow-on-some-routers-extenders-and-wifi-systems-psv-2020-0155"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29068"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-29068"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005326"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1360"
},
{
"db": "NVD",
"id": "CVE-2021-29068"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-29068"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005326"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1360"
},
{
"db": "NVD",
"id": "CVE-2021-29068"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-29068"
},
{
"date": "2021-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-005326"
},
{
"date": "2021-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1360"
},
{
"date": "2021-03-23T07:15:13.297000",
"db": "NVD",
"id": "CVE-2021-29068"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-29068"
},
{
"date": "2021-12-13T01:53:00",
"db": "JVNDB",
"id": "JVNDB-2021-005326"
},
{
"date": "2021-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1360"
},
{
"date": "2024-11-21T06:00:38.353000",
"db": "NVD",
"id": "CVE-2021-29068"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1360"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Classic buffer overflow vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005326"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1360"
}
],
"trust": 0.6
}
}
var-202012-1194
Vulnerability from variot
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D7800 before 1.0.1.58, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RS400 before 1.5.0.48, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34. plural NETGEAR A classic buffer overflow vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1194",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ms60",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.102"
},
{
"model": "r7400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "rax200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.102"
},
{
"model": "rbr50",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.40"
},
{
"model": "r6900",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.16"
},
{
"model": "r7350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "mk62",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.102"
},
{
"model": "rbs850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "rbk50",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.40"
},
{
"model": "rbk12",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.44"
},
{
"model": "rbs10",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.44"
},
{
"model": "cbk40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.5.0.10"
},
{
"model": "rax120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.136"
},
{
"model": "rbr40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.36"
},
{
"model": "rbs750",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "rax75",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.102"
},
{
"model": "r6230",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.100"
},
{
"model": "r9000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.24"
},
{
"model": "eax80",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.62"
},
{
"model": "r7800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.74"
},
{
"model": "ac2100",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "r7900",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.26"
},
{
"model": "xr300",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.50"
},
{
"model": "d7800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.58"
},
{
"model": "rax50",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.64"
},
{
"model": "r6260",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.76"
},
{
"model": "r8900",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.24"
},
{
"model": "rbk20",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"model": "r6120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.70"
},
{
"model": "rbr20",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.36"
},
{
"model": "xr700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.34"
},
{
"model": "ex7500",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.68"
},
{
"model": "xr500",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.3.2.66"
},
{
"model": "rbr840",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r7960p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.4.1.62"
},
{
"model": "rax20",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.64"
},
{
"model": "rbr850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "rbs20",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"model": "r6700v3",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.98"
},
{
"model": "ac2600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "ac2400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "cbr40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.5.0.10"
},
{
"model": "rbs50",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.40"
},
{
"model": "r6330",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.76"
},
{
"model": "rbk852",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r8000p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.4.1.62"
},
{
"model": "r6800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "r6900p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.3.2.124"
},
{
"model": "xr450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.3.2.66"
},
{
"model": "rs400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.5.0.48"
},
{
"model": "r6900v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "r6350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.76"
},
{
"model": "r7000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.11.106"
},
{
"model": "r6400v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.98"
},
{
"model": "r7850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.60"
},
{
"model": "r6400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.62"
},
{
"model": "mr60",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.102"
},
{
"model": "eax20",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.36"
},
{
"model": "rbk842",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "rbr750",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r7200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "r6700v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "r8000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.58"
},
{
"model": "rax80",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.102"
},
{
"model": "r6700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.16"
},
{
"model": "rax45",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.64"
},
{
"model": "rbk40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"model": "rbs40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"model": "rax15",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.64"
},
{
"model": "rbk752",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r6220",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.100"
},
{
"model": "r6850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.76"
},
{
"model": "r7450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "rbs840",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r7900p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.4.1.62"
},
{
"model": "r7000p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.3.2.124"
},
{
"model": "rbr10",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.44"
},
{
"model": "ac2400",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "mk62",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "cbk40",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "d7800",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "ex7500",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "eax20",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "ac2600",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "eax80",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "ac2100",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "cbr40",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015039"
},
{
"db": "NVD",
"id": "CVE-2020-35795"
}
]
},
"cve": "CVE-2020-35795",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-35795",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-35795",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-015039",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-35795",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "cve@mitre.org",
"id": "CVE-2020-35795",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2020-35795",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1750",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015039"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1750"
},
{
"db": "NVD",
"id": "CVE-2020-35795"
},
{
"db": "NVD",
"id": "CVE-2020-35795"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D7800 before 1.0.1.58, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RS400 before 1.5.0.48, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34. plural NETGEAR A classic buffer overflow vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35795"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015039"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35795",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015039",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1750",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015039"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1750"
},
{
"db": "NVD",
"id": "CVE-2020-35795"
}
]
},
"id": "VAR-202012-1194",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3302461448717948
},
"last_update_date": "2024-11-23T23:01:10.862000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Pre-Authentication\u00a0Buffer\u00a0Overflow\u00a0on\u00a0Some\u00a0Routers,\u00a0Range\u00a0Extenders,\u00a0and\u00a0Orbi\u00a0WiFi\u00a0Systems,\u00a0PSV-2020-0154",
"trust": 0.8,
"url": "https://kb.netgear.com/000062735/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0154"
},
{
"title": "Certain NETGEAR devices Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138129"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015039"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1750"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015039"
},
{
"db": "NVD",
"id": "CVE-2020-35795"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://kb.netgear.com/000062735/security-advisory-for-pre-authentication-buffer-overflow-on-some-routers-range-extenders-and-orbi-wifi-systems-psv-2020-0154"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35795"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015039"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1750"
},
{
"db": "NVD",
"id": "CVE-2020-35795"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015039"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1750"
},
{
"db": "NVD",
"id": "CVE-2020-35795"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015039"
},
{
"date": "2020-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1750"
},
{
"date": "2020-12-30T00:15:14.080000",
"db": "NVD",
"id": "CVE-2020-35795"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-08T08:43:00",
"db": "JVNDB",
"id": "JVNDB-2020-015039"
},
{
"date": "2021-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1750"
},
{
"date": "2024-11-21T05:28:07.420000",
"db": "NVD",
"id": "CVE-2020-35795"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1750"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Classic buffer overflow vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015039"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1750"
}
],
"trust": 0.6
}
}
var-202102-0344
Vulnerability from variot
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559. NETGEAR R7450 A router contains a vulnerability related to unauthorized authentication. Zero Day Initiative To this vulnerability ZDI-CAN-11559 Was numbered.Information may be obtained. NETGEAR R7450 is a router from Netgear. A hardware device that connects two or more networks and acts as a gateway between the networks
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "r6230",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.104"
},
{
"_id": null,
"model": "r6020",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.48"
},
{
"_id": null,
"model": "r7450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r6850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"_id": null,
"model": "ac2600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "ac2400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r7200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "ac2100",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r6080",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.48"
},
{
"_id": null,
"model": "r6330",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"_id": null,
"model": "r6700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r7400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r6900",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r6220",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.104"
},
{
"_id": null,
"model": "r6800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r6120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.76"
},
{
"_id": null,
"model": "r6350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"_id": null,
"model": "r6260",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"_id": null,
"model": "r7350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "ac2100",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r7400",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r7200",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r6900",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "ac2400",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "ac2600",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r7450",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r6800",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r7350",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r6700",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r7450",
"scope": null,
"trust": 0.7,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "r7450 1.2.0.62 1.0.1",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-072"
},
{
"db": "CNVD",
"id": "CNVD-2022-06703"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015835"
},
{
"db": "NVD",
"id": "CVE-2020-27873"
}
]
},
"credits": {
"_id": null,
"data": "1sd3d of Viettel Cyber Security",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-072"
}
],
"trust": 0.7
},
"cve": "CVE-2020-27873",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2020-27873",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2022-06703",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-27873",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-27873",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-27873",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-27873",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2020-27873",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-27873",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2020-27873",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2022-06703",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-384",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-072"
},
{
"db": "CNVD",
"id": "CNVD-2022-06703"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015835"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-384"
},
{
"db": "NVD",
"id": "CVE-2020-27873"
},
{
"db": "NVD",
"id": "CVE-2020-27873"
}
]
},
"description": {
"_id": null,
"data": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559. NETGEAR R7450 A router contains a vulnerability related to unauthorized authentication. Zero Day Initiative To this vulnerability ZDI-CAN-11559 Was numbered.Information may be obtained. NETGEAR R7450 is a router from Netgear. A hardware device that connects two or more networks and acts as a gateway between the networks",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27873"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015835"
},
{
"db": "ZDI",
"id": "ZDI-21-072"
},
{
"db": "CNVD",
"id": "CNVD-2022-06703"
},
{
"db": "VULMON",
"id": "CVE-2020-27873"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-27873",
"trust": 3.8
},
{
"db": "ZDI",
"id": "ZDI-21-072",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015835",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11559",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-06703",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-384",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-27873",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-072"
},
{
"db": "CNVD",
"id": "CNVD-2022-06703"
},
{
"db": "VULMON",
"id": "CVE-2020-27873"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015835"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-384"
},
{
"db": "NVD",
"id": "CVE-2020-27873"
}
]
},
"id": "VAR-202102-0344",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06703"
}
],
"trust": 0.9393898425
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06703"
}
]
},
"last_update_date": "2024-11-23T23:07:40.003000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Password\u00a0Recovery\u00a0Vulnerabilities\u00a0on\u00a0Some\u00a0Routers",
"trust": 1.5,
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"title": "Patch for NETGEAR R7450 Access Control Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/316146"
},
{
"title": "NETGEAR R7450 Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140608"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-072"
},
{
"db": "CNVD",
"id": "CNVD-2022-06703"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015835"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-384"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "CWE-863",
"trust": 1.0
},
{
"problemtype": "Bad authentication (CWE-863) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015835"
},
{
"db": "NVD",
"id": "CVE-2020-27873"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-072/"
},
{
"trust": 2.4,
"url": "https://kb.netgear.com/000062641/security-advisory-for-password-recovery-vulnerabilities-on-some-routers"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195043"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-072"
},
{
"db": "CNVD",
"id": "CNVD-2022-06703"
},
{
"db": "VULMON",
"id": "CVE-2020-27873"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015835"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-384"
},
{
"db": "NVD",
"id": "CVE-2020-27873"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-072",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2022-06703",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-27873",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015835",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202102-384",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-27873",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-01-18T00:00:00",
"db": "ZDI",
"id": "ZDI-21-072",
"ident": null
},
{
"date": "2022-01-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-06703",
"ident": null
},
{
"date": "2021-02-04T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27873",
"ident": null
},
{
"date": "2021-10-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015835",
"ident": null
},
{
"date": "2021-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-384",
"ident": null
},
{
"date": "2021-02-04T17:15:13.480000",
"db": "NVD",
"id": "CVE-2020-27873",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-01-18T00:00:00",
"db": "ZDI",
"id": "ZDI-21-072",
"ident": null
},
{
"date": "2022-01-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-06703",
"ident": null
},
{
"date": "2021-02-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27873",
"ident": null
},
{
"date": "2021-10-19T07:03:00",
"db": "JVNDB",
"id": "JVNDB-2020-015835",
"ident": null
},
{
"date": "2021-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-384",
"ident": null
},
{
"date": "2024-11-21T05:21:58.680000",
"db": "NVD",
"id": "CVE-2020-27873",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-384"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "NETGEAR R7450 Access Control Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06703"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-384"
}
],
"trust": 1.2
},
"type": {
"_id": null,
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-384"
}
],
"trust": 0.6
}
}
var-202108-1622
Vulnerability from variot
Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 before 1.0.0.108, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.40, R6850 before 1.1.0.40, R6350 before 1.1.0.40, R6400v2 before 1.0.2.62, R6700v3 before 1.0.2.62, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7000 before 1.0.9.34, R6900P before 1.3.1.44, R7000P before 1.3.1.44, R7100LG before 1.0.0.48, R7200 before 1.2.0.48, R7350 before 1.2.0.48, R7400 before 1.2.0.48, R7450 before 1.2.0.36, AC2100 before 1.2.0.36, AC2400 before 1.2.0.36, AC2600 before 1.2.0.36, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, R7900 before 1.0.3.8, R7960P before 1.4.1.44, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RAX120 before 1.0.0.74, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, WNR3500Lv2 before 1.2.0.56, XR450 before 2.3.2.32, and XR500 before 2.3.2.32. This affects D6220 prior to 1.0.0.48, D6400 prior to 1.0.0.82, D7000v2 prior to 1.0.0.52, D7800 prior to 1.0.1.44, D8500 prior to 1.0.3.43, DC112A prior to 1.0.0.40, DGN2200v4 prior to 1.0.0.108, RBK50 prior to 2.3.0.32, RBR50 prior to 2.3.0.32, RBS50 prior to 2.3.0.32, RBK20 prior to 2.3.0.28, RBR20 prior to 2.3.0.28, RBS20 prior to 2.3.0.28, RBK40 prior to 2.3.0.28, RBR40 prior to 2.3.0.28, RBS40 prior to 2.3.0.28, R6020 prior to 1.0.0.34, R6080 prior to 1.0.0.34, R6120 prior to 1.0.0.44, R6220 prior to 1.1.0.80, R6230 prior to 1.1.0.80, R6250 prior to 1.0.4.34, R6260 prior to 1.1.0.40, R6850 prior to 1.1.0.40, R6350 prior to 1.1.0.40, R6400v2 prior to 1.0.2.62, R6700v3 prior to 1.0.2.62, R6700v2 prior to 1.2.0.36, R6800 prior to 1.2.0.36, R6900v2 prior to 1.2.0.36, R7000 prior to 1.0.9.34, R6900P prior to 1.3.1.44, R7000P prior to 1.3.1.44, R7100LG prior to 1.0.0.48, R7200 prior to 1.2.0.48, R7350 prior to 1.2.0.48, R7400 prior to 1.2.0.48, R7450 prior to 1.2.0.36, AC2100 prior to 1.2.0.36, AC2400 prior to 1.2.0.36, AC2600 prior to 1.2.0.36, R7500v2 prior to 1.0.3.38, R7800 prior to 1.0.2.58, R7900 prior to 1.0.3.8, R7960P prior to 1.4.1.44, R8000 prior to 1.0.4.28, R7900P prior to 1.4.1.30, R8000P prior to 1.4.1.30, R8900 prior to 1.0.4.2, R9000 prior to 1.0.4.2, RAX120 prior to 1.0.0.74, RBK752 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBK852 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, RBS850 prior to 3.2.16.6, WNR3500Lv2 prior to 1.2.0.56, XR450 prior to 2.3.2.32, and XR500 prior to 2.3.2.32
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1622",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r6080",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.34"
},
{
"model": "r8900",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.2"
},
{
"model": "d7800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.44"
},
{
"model": "rbk50",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.3.0.32"
},
{
"model": "rbs40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.3.0.28"
},
{
"model": "r6400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.62"
},
{
"model": "rbk852",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "ac2600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.36"
},
{
"model": "d6220",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.48"
},
{
"model": "r7900",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.8"
},
{
"model": "r6220",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.80"
},
{
"model": "r7000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.9.34"
},
{
"model": "r6900p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.3.1.44"
},
{
"model": "d6400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.82"
},
{
"model": "d7000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.52"
},
{
"model": "r6800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.36"
},
{
"model": "rbr40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.3.0.28"
},
{
"model": "rbr50",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.3.0.32"
},
{
"model": "rax120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.74"
},
{
"model": "dc112a",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.40"
},
{
"model": "ac2100",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.36"
},
{
"model": "rbs750",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "rbr850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r6250",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.34"
},
{
"model": "dgn2200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.108"
},
{
"model": "d8500",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.43"
},
{
"model": "r6120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.44"
},
{
"model": "r7500",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.38"
},
{
"model": "r7200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.48"
},
{
"model": "r8000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.28"
},
{
"model": "r6700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.62"
},
{
"model": "rbk20",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.3.0.28"
},
{
"model": "rbk40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.3.0.28"
},
{
"model": "r8000p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.4.1.30"
},
{
"model": "xr500",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.3.2.32"
},
{
"model": "rbs50",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.3.0.32"
},
{
"model": "r6230",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.80"
},
{
"model": "r6700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.36"
},
{
"model": "r7450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.36"
},
{
"model": "ac2400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.36"
},
{
"model": "r7960p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.4.1.44"
},
{
"model": "r6350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "rbk752",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r9000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.2"
},
{
"model": "xr450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.3.2.32"
},
{
"model": "r7000p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.3.1.44"
},
{
"model": "rbr750",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r7400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.48"
},
{
"model": "r7100lg",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.48"
},
{
"model": "r7900p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.4.1.30"
},
{
"model": "r7350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.48"
},
{
"model": "rbr20",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.3.0.28"
},
{
"model": "rbs20",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.3.0.28"
},
{
"model": "r6020",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.34"
},
{
"model": "r6260",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "r6850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "r6900",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.36"
},
{
"model": "rbs850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "wnr3500l",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.56"
},
{
"model": "r7800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.58"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-38516"
}
]
},
"cve": "CVE-2021-38516",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-38516",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-38516",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-38516",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-38516",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "cve@mitre.org",
"id": "CVE-2021-38516",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-961",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-38516",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-38516"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-961"
},
{
"db": "NVD",
"id": "CVE-2021-38516"
},
{
"db": "NVD",
"id": "CVE-2021-38516"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 before 1.0.0.108, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.40, R6850 before 1.1.0.40, R6350 before 1.1.0.40, R6400v2 before 1.0.2.62, R6700v3 before 1.0.2.62, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7000 before 1.0.9.34, R6900P before 1.3.1.44, R7000P before 1.3.1.44, R7100LG before 1.0.0.48, R7200 before 1.2.0.48, R7350 before 1.2.0.48, R7400 before 1.2.0.48, R7450 before 1.2.0.36, AC2100 before 1.2.0.36, AC2400 before 1.2.0.36, AC2600 before 1.2.0.36, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, R7900 before 1.0.3.8, R7960P before 1.4.1.44, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RAX120 before 1.0.0.74, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, WNR3500Lv2 before 1.2.0.56, XR450 before 2.3.2.32, and XR500 before 2.3.2.32. This affects D6220 prior to 1.0.0.48, D6400 prior to 1.0.0.82, D7000v2 prior to 1.0.0.52, D7800 prior to 1.0.1.44, D8500 prior to 1.0.3.43, DC112A prior to 1.0.0.40, DGN2200v4 prior to 1.0.0.108, RBK50 prior to 2.3.0.32, RBR50 prior to 2.3.0.32, RBS50 prior to 2.3.0.32, RBK20 prior to 2.3.0.28, RBR20 prior to 2.3.0.28, RBS20 prior to 2.3.0.28, RBK40 prior to 2.3.0.28, RBR40 prior to 2.3.0.28, RBS40 prior to 2.3.0.28, R6020 prior to 1.0.0.34, R6080 prior to 1.0.0.34, R6120 prior to 1.0.0.44, R6220 prior to 1.1.0.80, R6230 prior to 1.1.0.80, R6250 prior to 1.0.4.34, R6260 prior to 1.1.0.40, R6850 prior to 1.1.0.40, R6350 prior to 1.1.0.40, R6400v2 prior to 1.0.2.62, R6700v3 prior to 1.0.2.62, R6700v2 prior to 1.2.0.36, R6800 prior to 1.2.0.36, R6900v2 prior to 1.2.0.36, R7000 prior to 1.0.9.34, R6900P prior to 1.3.1.44, R7000P prior to 1.3.1.44, R7100LG prior to 1.0.0.48, R7200 prior to 1.2.0.48, R7350 prior to 1.2.0.48, R7400 prior to 1.2.0.48, R7450 prior to 1.2.0.36, AC2100 prior to 1.2.0.36, AC2400 prior to 1.2.0.36, AC2600 prior to 1.2.0.36, R7500v2 prior to 1.0.3.38, R7800 prior to 1.0.2.58, R7900 prior to 1.0.3.8, R7960P prior to 1.4.1.44, R8000 prior to 1.0.4.28, R7900P prior to 1.4.1.30, R8000P prior to 1.4.1.30, R8900 prior to 1.0.4.2, R9000 prior to 1.0.4.2, RAX120 prior to 1.0.0.74, RBK752 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBK852 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, RBS850 prior to 3.2.16.6, WNR3500Lv2 prior to 1.2.0.56, XR450 prior to 2.3.2.32, and XR500 prior to 2.3.2.32",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-38516"
},
{
"db": "VULMON",
"id": "CVE-2021-38516"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-38516",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202108-961",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-38516",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-38516"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-961"
},
{
"db": "NVD",
"id": "CVE-2021-38516"
}
]
},
"id": "VAR-202108-1622",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.31753556325
},
"last_update_date": "2024-08-14T14:03:05.803000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multiple Netgear Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159355"
},
{
"title": "CVE-2021-38516",
"trust": 0.1,
"url": "https://github.com/AlAIAL90/CVE-2021-38516 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-38516"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-961"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-38516"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.netgear.com/000063780/security-advisory-for-missing-function-level-access-control-on-some-routers-gateways-and-wifi-systems-psv-2020-0273"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38516"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/863.html"
},
{
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2021-38516"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-38516"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-961"
},
{
"db": "NVD",
"id": "CVE-2021-38516"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-38516"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-961"
},
{
"db": "NVD",
"id": "CVE-2021-38516"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-38516"
},
{
"date": "2021-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-961"
},
{
"date": "2021-08-11T00:15:25.580000",
"db": "NVD",
"id": "CVE-2021-38516"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-38516"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-961"
},
{
"date": "2022-07-12T17:42:04.277000",
"db": "NVD",
"id": "CVE-2021-38516"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-961"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Netgear Product security vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-961"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-961"
}
],
"trust": 0.6
}
}
var-202010-0411
Vulnerability from variot
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10754. plural NETGEAR The router is vulnerable to authentication bypass using alternate paths or channels. Zero Day Initiative To this vulnerability ZDI-CAN-10754 Was numbered.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-0411",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r6220",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.100"
},
{
"model": "r6120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.70"
},
{
"model": "r6080",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.44"
},
{
"model": "r6850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.76"
},
{
"model": "r6330",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.76"
},
{
"model": "jnr3210",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "wnr2020",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "r6020",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.44"
},
{
"model": "r6230",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.100"
},
{
"model": "r6350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.76"
},
{
"model": "r6260",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.76"
},
{
"model": "jnr3210",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6020",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6080",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6120",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6220",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6230",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6260",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6330",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6350",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6850",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "multiple routers",
"scope": null,
"trust": 0.7,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1176"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012257"
},
{
"db": "NVD",
"id": "CVE-2020-17409"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1176"
}
],
"trust": 0.7
},
"cve": "CVE-2020-17409",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2020-17409",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-17409",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-17409",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-17409",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-17409",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2020-17409",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-17409",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2020-17409",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-583",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-17409",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1176"
},
{
"db": "VULMON",
"id": "CVE-2020-17409"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012257"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-583"
},
{
"db": "NVD",
"id": "CVE-2020-17409"
},
{
"db": "NVD",
"id": "CVE-2020-17409"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10754. plural NETGEAR The router is vulnerable to authentication bypass using alternate paths or channels. Zero Day Initiative To this vulnerability ZDI-CAN-10754 Was numbered.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-17409"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012257"
},
{
"db": "ZDI",
"id": "ZDI-20-1176"
},
{
"db": "VULMON",
"id": "CVE-2020-17409"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-17409",
"trust": 3.2
},
{
"db": "ZDI",
"id": "ZDI-20-1176",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012257",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10754",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202010-583",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-17409",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1176"
},
{
"db": "VULMON",
"id": "CVE-2020-17409"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012257"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-583"
},
{
"db": "NVD",
"id": "CVE-2020-17409"
}
]
},
"id": "VAR-202010-0411",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.30873307
},
"last_update_date": "2024-11-23T22:58:08.413000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Authentication\u00a0Bypass\u00a0on\u00a0Some\u00a0Routers,\u00a0PSV-2020-0258",
"trust": 1.5,
"url": "https://kb.netgear.com/000062304/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2020-0258"
},
{
"title": "mini_httpd service Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130160"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1176"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012257"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-583"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-288",
"trust": 1.0
},
{
"problemtype": "Authentication bypass using alternate path or channel (CWE-288) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012257"
},
{
"db": "NVD",
"id": "CVE-2020-17409"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-1176/"
},
{
"trust": 2.4,
"url": "https://kb.netgear.com/000062304/security-advisory-for-authentication-bypass-on-some-routers-psv-2020-0258"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17409"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/288.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1176"
},
{
"db": "VULMON",
"id": "CVE-2020-17409"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012257"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-583"
},
{
"db": "NVD",
"id": "CVE-2020-17409"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-20-1176"
},
{
"db": "VULMON",
"id": "CVE-2020-17409"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012257"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-583"
},
{
"db": "NVD",
"id": "CVE-2020-17409"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-15T00:00:00",
"db": "ZDI",
"id": "ZDI-20-1176"
},
{
"date": "2020-10-13T00:00:00",
"db": "VULMON",
"id": "CVE-2020-17409"
},
{
"date": "2021-04-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012257"
},
{
"date": "2020-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-583"
},
{
"date": "2020-10-13T17:15:13.777000",
"db": "NVD",
"id": "CVE-2020-17409"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-15T00:00:00",
"db": "ZDI",
"id": "ZDI-20-1176"
},
{
"date": "2020-12-03T00:00:00",
"db": "VULMON",
"id": "CVE-2020-17409"
},
{
"date": "2021-04-27T09:05:00",
"db": "JVNDB",
"id": "JVNDB-2020-012257"
},
{
"date": "2020-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-583"
},
{
"date": "2024-11-21T05:08:02.343000",
"db": "NVD",
"id": "CVE-2020-17409"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-583"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Vulnerability in authentication bypass using alternate path or channel in router",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012257"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-583"
}
],
"trust": 0.6
}
}
var-202108-2271
Vulnerability from variot
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313. plural NETGEAR An improper comparison vulnerability exists in routers. Zero Day Initiative To this vulnerability ZDI-CAN-13313 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-2271",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac2400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "d7000v1",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.80"
},
{
"model": "r6220",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.110"
},
{
"model": "r6230",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.110"
},
{
"model": "r7450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6330",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r6700v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r7200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6260",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r7400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r7350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "ac2100",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6900v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "ac2600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "ac2100",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6220",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "ac2400",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6330",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6230",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6260",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6350",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6700v2",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "d7000v1",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "ac2600",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "multiple routers",
"scope": null,
"trust": 0.7,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1051"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018127"
},
{
"db": "NVD",
"id": "CVE-2021-34865"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "1sd3d of VCS",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1051"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2714"
}
],
"trust": 1.3
},
"cve": "CVE-2021-34865",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2021-34865",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-34865",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-34865",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-34865",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-34865",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2021-34865",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-34865",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2021-34865",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-2714",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1051"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018127"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2714"
},
{
"db": "NVD",
"id": "CVE-2021-34865"
},
{
"db": "NVD",
"id": "CVE-2021-34865"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313. plural NETGEAR An improper comparison vulnerability exists in routers. Zero Day Initiative To this vulnerability ZDI-CAN-13313 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34865"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018127"
},
{
"db": "ZDI",
"id": "ZDI-21-1051"
},
{
"db": "VULMON",
"id": "CVE-2021-34865"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-34865",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-21-1051",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018127",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-13313",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2714",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-34865",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1051"
},
{
"db": "VULMON",
"id": "CVE-2021-34865"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018127"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2714"
},
{
"db": "NVD",
"id": "CVE-2021-34865"
}
]
},
"id": "VAR-202108-2271",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.51070838
},
"last_update_date": "2024-08-14T15:17:07.475000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Authentication\u00a0Bypass\u00a0Vulnerability\u00a0on\u00a0Some\u00a0Routers,\u00a0PSV-2021-0083",
"trust": 0.8,
"url": "https://kb.netgear.com/000063955/Security-Advisory-for-Authentication-Bypass-Vulnerability-on-Some-Routers-PSV-2021-0083"
},
{
"title": "NETGEAR has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://kb.netgear.com/000063955/Security-Advisory-for-Authentication-Bypass-Vulnerability-on-Some-Routers-PSV-2021-0083?article=000063955"
},
{
"title": "NETGEAR Repair measures for multiple product authorization issues",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=160968"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1051"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018127"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2714"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-697",
"trust": 1.0
},
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Inappropriate comparison (CWE-697) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018127"
},
{
"db": "NVD",
"id": "CVE-2021-34865"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-1051/"
},
{
"trust": 2.3,
"url": "https://kb.netgear.com/000063955/security-advisory-for-authentication-bypass-vulnerability-on-some-routers-psv-2021-0083?article=000063955"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34865"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1051"
},
{
"db": "VULMON",
"id": "CVE-2021-34865"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018127"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2714"
},
{
"db": "NVD",
"id": "CVE-2021-34865"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-21-1051"
},
{
"db": "VULMON",
"id": "CVE-2021-34865"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018127"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2714"
},
{
"db": "NVD",
"id": "CVE-2021-34865"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-30T00:00:00",
"db": "ZDI",
"id": "ZDI-21-1051"
},
{
"date": "2023-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-018127"
},
{
"date": "2021-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2714"
},
{
"date": "2022-01-25T16:15:08.383000",
"db": "NVD",
"id": "CVE-2021-34865"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-30T00:00:00",
"db": "ZDI",
"id": "ZDI-21-1051"
},
{
"date": "2023-03-31T08:45:00",
"db": "JVNDB",
"id": "JVNDB-2021-018127"
},
{
"date": "2022-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2714"
},
{
"date": "2022-10-27T11:53:26.290000",
"db": "NVD",
"id": "CVE-2021-34865"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2714"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Improper Comparison Vulnerability in Routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018127"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2714"
}
],
"trust": 0.6
}
}
var-202108-1581
Vulnerability from variot
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. This affects D6200 prior to 1.1.00.40, D7000 prior to 1.0.1.78, R6020 prior to 1.0.0.48, R6080 prior to 1.0.0.48, R6120 prior to 1.0.0.66, R6260 prior to 1.1.0.78, R6700v2 prior to 1.2.0.76, R6800 prior to 1.2.0.76, R6900v2 prior to 1.2.0.76, R6850 prior to 1.1.0.78, R7200 prior to 1.2.0.76, R7350 prior to 1.2.0.76, R7400 prior to 1.2.0.76, R7450 prior to 1.2.0.76, AC2100 prior to 1.2.0.76, AC2400 prior to 1.2.0.76, AC2600 prior to 1.2.0.76, RAX35 prior to 1.0.3.62, and RAX40 prior to 1.0.3.62
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1581",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r7200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.66"
},
{
"model": "ac2100",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6900",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "d7000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.78"
},
{
"model": "rax40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.62"
},
{
"model": "r7400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r7350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6020",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.48"
},
{
"model": "r6260",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"model": "r6800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"model": "r7450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "d6200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.00.40"
},
{
"model": "ac2600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "ac2400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "rax35",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.62"
},
{
"model": "r6080",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.48"
},
{
"model": "d7000",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6020",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6850",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6700",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6080",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6800",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6120",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6900",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6260",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "d6200",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010440"
},
{
"db": "NVD",
"id": "CVE-2021-38536"
}
]
},
"cve": "CVE-2021-38536",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2021-38536",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2021-38536",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "cve@mitre.org",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.2,
"id": "CVE-2021-38536",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-38536",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-38536",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2021-38536",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-38536",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-943",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-38536",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-38536"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010440"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-943"
},
{
"db": "NVD",
"id": "CVE-2021-38536"
},
{
"db": "NVD",
"id": "CVE-2021-38536"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. This affects D6200 prior to 1.1.00.40, D7000 prior to 1.0.1.78, R6020 prior to 1.0.0.48, R6080 prior to 1.0.0.48, R6120 prior to 1.0.0.66, R6260 prior to 1.1.0.78, R6700v2 prior to 1.2.0.76, R6800 prior to 1.2.0.76, R6900v2 prior to 1.2.0.76, R6850 prior to 1.1.0.78, R7200 prior to 1.2.0.76, R7350 prior to 1.2.0.76, R7400 prior to 1.2.0.76, R7450 prior to 1.2.0.76, AC2100 prior to 1.2.0.76, AC2400 prior to 1.2.0.76, AC2600 prior to 1.2.0.76, RAX35 prior to 1.0.3.62, and RAX40 prior to 1.0.3.62",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-38536"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010440"
},
{
"db": "VULMON",
"id": "CVE-2021-38536"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-38536",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010440",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202108-943",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-38536",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-38536"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010440"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-943"
},
{
"db": "NVD",
"id": "CVE-2021-38536"
}
]
},
"id": "VAR-202108-1581",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.32696482363636364
},
"last_update_date": "2024-08-14T15:42:46.330000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Stored\u00a0Cross\u00a0Site\u00a0Scripting\u00a0on\u00a0Some\u00a0Routers\u00a0and\u00a0Gateways,\u00a0PSV-2019-0193",
"trust": 0.8,
"url": "https://kb.netgear.com/000063774/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0193"
},
{
"title": "Netgear NETGEAR Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159337"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010440"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-943"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010440"
},
{
"db": "NVD",
"id": "CVE-2021-38536"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.netgear.com/000063774/security-advisory-for-stored-cross-site-scripting-on-some-routers-and-gateways-psv-2019-0193"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38536"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-38536"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010440"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-943"
},
{
"db": "NVD",
"id": "CVE-2021-38536"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-38536"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010440"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-943"
},
{
"db": "NVD",
"id": "CVE-2021-38536"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-38536"
},
{
"date": "2022-07-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-010440"
},
{
"date": "2021-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-943"
},
{
"date": "2021-08-11T00:17:31.773000",
"db": "NVD",
"id": "CVE-2021-38536"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-38536"
},
{
"date": "2022-07-01T06:11:00",
"db": "JVNDB",
"id": "JVNDB-2021-010440"
},
{
"date": "2021-08-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-943"
},
{
"date": "2021-08-19T16:17:59.127000",
"db": "NVD",
"id": "CVE-2021-38536"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-943"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Cross-site scripting vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010440"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-943"
}
],
"trust": 0.6
}
}
var-202112-2302
Vulnerability from variot
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EAX80 before 1.0.1.62, EX7000 before 1.0.1.104, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.68, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106. This affects EAX80 prior to 1.0.1.62, EX7000 prior to 1.0.1.104, R6120 prior to 1.0.0.76, R6220 prior to 1.1.0.110, R6230 prior to 1.1.0.110, R6260 prior to 1.1.0.78, R6850 prior to 1.1.0.78, R6350 prior to 1.1.0.78, R6330 prior to 1.1.0.78, R6800 prior to 1.2.0.76, R6900v2 prior to 1.2.0.76, R6700v2 prior to 1.2.0.76, R7000 prior to 1.0.11.116, R6900P prior to 1.3.3.140, R7000P prior to 1.3.3.140, R7200 prior to 1.2.0.76, R7350 prior to 1.2.0.76, R7400 prior to 1.2.0.76, R7450 prior to 1.2.0.76, AC2100 prior to 1.2.0.76, AC2400 prior to 1.2.0.76, AC2600 prior to 1.2.0.76, R7900 prior to 1.0.4.38, R7960P prior to 1.4.1.66, R8000 prior to 1.0.4.68, R7900P prior to 1.4.1.66, R8000P prior to 1.4.1.66, RAX15 prior to 1.0.2.82, RAX20 prior to 1.0.2.82, RAX200 prior to 1.0.3.106, RAX45 prior to 1.0.2.72, RAX50 prior to 1.0.2.72, RAX75 prior to 1.0.3.106, and RAX80 prior to 1.0.3.106
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2302",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rax45",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.72"
},
{
"model": "r7900",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.38"
},
{
"model": "ac2100",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "rax75",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.106"
},
{
"model": "r7350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"model": "ac2400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r8000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.68"
},
{
"model": "rax20",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.82"
},
{
"model": "ac2600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r7450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6900p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.3.3.140"
},
{
"model": "r6700v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6330",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"model": "r6800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r7960p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.4.1.66"
},
{
"model": "r7200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r7000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.11.116"
},
{
"model": "r6900v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.76"
},
{
"model": "r8000p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.4.1.66"
},
{
"model": "rax15",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.82"
},
{
"model": "r6230",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.110"
},
{
"model": "eax80",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.62"
},
{
"model": "r7400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "ex7000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.104"
},
{
"model": "r7900p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.4.1.66"
},
{
"model": "r6220",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.110"
},
{
"model": "r7000p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.3.3.140"
},
{
"model": "rax50",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.72"
},
{
"model": "rax200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.106"
},
{
"model": "r6850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"model": "r6260",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"model": "rax80",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.106"
},
{
"model": "r6850",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "ex7000",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6120",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6350",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6260",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6220",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "eax80",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6330",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6800",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6230",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017539"
},
{
"db": "NVD",
"id": "CVE-2021-45647"
}
]
},
"cve": "CVE-2021-45647",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-45647",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-45647",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "cve@mitre.org",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-45647",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-45647",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45647",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2021-45647",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-45647",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2441",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017539"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2441"
},
{
"db": "NVD",
"id": "CVE-2021-45647"
},
{
"db": "NVD",
"id": "CVE-2021-45647"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EAX80 before 1.0.1.62, EX7000 before 1.0.1.104, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.68, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106. This affects EAX80 prior to 1.0.1.62, EX7000 prior to 1.0.1.104, R6120 prior to 1.0.0.76, R6220 prior to 1.1.0.110, R6230 prior to 1.1.0.110, R6260 prior to 1.1.0.78, R6850 prior to 1.1.0.78, R6350 prior to 1.1.0.78, R6330 prior to 1.1.0.78, R6800 prior to 1.2.0.76, R6900v2 prior to 1.2.0.76, R6700v2 prior to 1.2.0.76, R7000 prior to 1.0.11.116, R6900P prior to 1.3.3.140, R7000P prior to 1.3.3.140, R7200 prior to 1.2.0.76, R7350 prior to 1.2.0.76, R7400 prior to 1.2.0.76, R7450 prior to 1.2.0.76, AC2100 prior to 1.2.0.76, AC2400 prior to 1.2.0.76, AC2600 prior to 1.2.0.76, R7900 prior to 1.0.4.38, R7960P prior to 1.4.1.66, R8000 prior to 1.0.4.68, R7900P prior to 1.4.1.66, R8000P prior to 1.4.1.66, RAX15 prior to 1.0.2.82, RAX20 prior to 1.0.2.82, RAX200 prior to 1.0.3.106, RAX45 prior to 1.0.2.72, RAX50 prior to 1.0.2.72, RAX75 prior to 1.0.3.106, and RAX80 prior to 1.0.3.106",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45647"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017539"
},
{
"db": "VULMON",
"id": "CVE-2021-45647"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45647",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017539",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2441",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-45647",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45647"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017539"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2441"
},
{
"db": "NVD",
"id": "CVE-2021-45647"
}
]
},
"id": "VAR-202112-2302",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.38866162
},
"last_update_date": "2024-11-23T23:03:57.971000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Sensitive\u00a0Information\u00a0Disclosure\u00a0on\u00a0Some\u00a0Routers\u00a0and\u00a0Extenders,\u00a0PSV-2020-0184",
"trust": 0.8,
"url": "https://kb.netgear.com/000064118/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Extenders-PSV-2020-0184"
},
{
"title": "Netgear NETGEAR Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176203"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017539"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2441"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "information leak (CWE-200) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017539"
},
{
"db": "NVD",
"id": "CVE-2021-45647"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.netgear.com/000064118/security-advisory-for-sensitive-information-disclosure-on-some-routers-and-extenders-psv-2020-0184"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45647"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45647"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017539"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2441"
},
{
"db": "NVD",
"id": "CVE-2021-45647"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-45647"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017539"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2441"
},
{
"db": "NVD",
"id": "CVE-2021-45647"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-26T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45647"
},
{
"date": "2023-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017539"
},
{
"date": "2021-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2441"
},
{
"date": "2021-12-26T01:15:19.963000",
"db": "NVD",
"id": "CVE-2021-45647"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45647"
},
{
"date": "2023-01-25T01:50:00",
"db": "JVNDB",
"id": "JVNDB-2021-017539"
},
{
"date": "2022-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2441"
},
{
"date": "2024-11-21T06:32:46.533000",
"db": "NVD",
"id": "CVE-2021-45647"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2441"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Device information disclosure vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017539"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2441"
}
],
"trust": 0.6
}
}
var-202112-2414
Vulnerability from variot
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, D7000 before 1.0.1.82, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects AC2100 prior to 1.2.0.88, AC2400 prior to 1.2.0.88, AC2600 prior to 1.2.0.88, D7000 prior to 1.0.1.82, R6220 prior to 1.1.0.110, R6230 prior to 1.1.0.110, R6260 prior to 1.1.0.84, R6330 prior to 1.1.0.84, R6350 prior to 1.1.0.84, R6700v2 prior to 1.2.0.88, R6800 prior to 1.2.0.88, R6850 prior to 1.1.0.84, R6900v2 prior to 1.2.0.88, R7200 prior to 1.2.0.88, R7350 prior to 1.2.0.88, R7400 prior to 1.2.0.88, and R7450 prior to 1.2.0.88
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2414",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac2100",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6900v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6230",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.110"
},
{
"model": "ac2400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r7400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r7350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "ac2600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6220",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.110"
},
{
"model": "r6330",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r6800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "d7000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.82"
},
{
"model": "r6850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r6700v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r7450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6260",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r7200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "d7000",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6230",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6260",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6330",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "ac2600",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "ac2100",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6700v2",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6220",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "ac2400",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6350",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017287"
},
{
"db": "NVD",
"id": "CVE-2021-45534"
}
]
},
"cve": "CVE-2021-45534",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-45534",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-45534",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-017287",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45534",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2021-45534",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-45534",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2347",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-45534",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45534"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017287"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2347"
},
{
"db": "NVD",
"id": "CVE-2021-45534"
},
{
"db": "NVD",
"id": "CVE-2021-45534"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, D7000 before 1.0.1.82, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects AC2100 prior to 1.2.0.88, AC2400 prior to 1.2.0.88, AC2600 prior to 1.2.0.88, D7000 prior to 1.0.1.82, R6220 prior to 1.1.0.110, R6230 prior to 1.1.0.110, R6260 prior to 1.1.0.84, R6330 prior to 1.1.0.84, R6350 prior to 1.1.0.84, R6700v2 prior to 1.2.0.88, R6800 prior to 1.2.0.88, R6850 prior to 1.1.0.84, R6900v2 prior to 1.2.0.88, R7200 prior to 1.2.0.88, R7350 prior to 1.2.0.88, R7400 prior to 1.2.0.88, and R7450 prior to 1.2.0.88",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45534"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017287"
},
{
"db": "VULMON",
"id": "CVE-2021-45534"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45534",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017287",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2347",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-45534",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45534"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017287"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2347"
},
{
"db": "NVD",
"id": "CVE-2021-45534"
}
]
},
"id": "VAR-202112-2414",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4818319283333334
},
"last_update_date": "2024-11-23T23:00:59.581000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Post-Authentication\u00a0Command\u00a0Injection\u00a0on\u00a0Some\u00a0Routers\u00a0and\u00a0DSL\u00a0Modem\u00a0Routers,\u00a0PSV-2021-0172",
"trust": 0.8,
"url": "https://kb.netgear.com/000064406/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-DSL-Modem-Routers-PSV-2021-0172"
},
{
"title": "Netgear NETGEAR Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176381"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017287"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2347"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017287"
},
{
"db": "NVD",
"id": "CVE-2021-45534"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/"
},
{
"trust": 1.7,
"url": "https://kb.netgear.com/000064406/security-advisory-for-post-authentication-command-injection-on-some-routers-and-dsl-modem-routers-psv-2021-0172"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45534"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45534"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017287"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2347"
},
{
"db": "NVD",
"id": "CVE-2021-45534"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-45534"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017287"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2347"
},
{
"db": "NVD",
"id": "CVE-2021-45534"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-26T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45534"
},
{
"date": "2023-01-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017287"
},
{
"date": "2021-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2347"
},
{
"date": "2021-12-26T01:15:14.600000",
"db": "NVD",
"id": "CVE-2021-45534"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45534"
},
{
"date": "2023-01-13T05:03:00",
"db": "JVNDB",
"id": "JVNDB-2021-017287"
},
{
"date": "2022-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2347"
},
{
"date": "2024-11-21T06:32:26.777000",
"db": "NVD",
"id": "CVE-2021-45534"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2347"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Command injection vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017287"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2347"
}
],
"trust": 0.6
}
}
var-202012-1175
Vulnerability from variot
plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1175",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rax40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.80"
},
{
"model": "d6220",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.60"
},
{
"model": "ex3920",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.84"
},
{
"model": "ex7000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.90"
},
{
"model": "ms60",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.102"
},
{
"model": "d6000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.80"
},
{
"model": "ex6100v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.94"
},
{
"model": "r6250",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.42"
},
{
"model": "r7400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "rbr50",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.40"
},
{
"model": "r6900",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.16"
},
{
"model": "ex6920",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.54"
},
{
"model": "rbr40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"model": "r7350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "mk62",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.102"
},
{
"model": "rbs850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "rbk50",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.40"
},
{
"model": "rbk12",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.44"
},
{
"model": "ex6000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.44"
},
{
"model": "cbk40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.5.0.10"
},
{
"model": "ex7300",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.152"
},
{
"model": "rax120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.136"
},
{
"model": "rbs10",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.44"
},
{
"model": "ex6410",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.128"
},
{
"model": "rbs750",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "rbs50y",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.40"
},
{
"model": "wnr1000v3",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.78"
},
{
"model": "rax200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.24"
},
{
"model": "rax75",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.102"
},
{
"model": "rbr850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "ex6150v1",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.46"
},
{
"model": "r6230",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.100"
},
{
"model": "r8500",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.134"
},
{
"model": "r9000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.24"
},
{
"model": "eax80",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.62"
},
{
"model": "r6400v1",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.62"
},
{
"model": "dm200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.66"
},
{
"model": "r7800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.74"
},
{
"model": "d7800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.48"
},
{
"model": "ac2100",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "ex2700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.58"
},
{
"model": "r7900",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.26"
},
{
"model": "r6300v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.42"
},
{
"model": "xr300",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.50"
},
{
"model": "ex7700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.210"
},
{
"model": "wnr2000v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.12"
},
{
"model": "rax50",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.64"
},
{
"model": "r6260",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.76"
},
{
"model": "r8900",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.24"
},
{
"model": "rbk20",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"model": "wndr3400v3",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.32"
},
{
"model": "ex6110",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.68"
},
{
"model": "ex6200v1",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.94"
},
{
"model": "r6120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.70"
},
{
"model": "rbr20",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.36"
},
{
"model": "xr700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.34"
},
{
"model": "ex3110",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.68"
},
{
"model": "ex7500",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.68"
},
{
"model": "d7000v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.62"
},
{
"model": "xr500",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.3.2.66"
},
{
"model": "rbr840",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r7960p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.4.1.62"
},
{
"model": "r6700v3",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.98"
},
{
"model": "ex3800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.84"
},
{
"model": "ac2600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "ex6250",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.128"
},
{
"model": "ex8000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.224"
},
{
"model": "ac2400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "cbr40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.5.0.10"
},
{
"model": "rax20",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.64"
},
{
"model": "rbs20",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"model": "rbs50",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.40"
},
{
"model": "r6330",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.76"
},
{
"model": "rbk852",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r8000p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.4.1.62"
},
{
"model": "r7500v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.48"
},
{
"model": "r6800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "r6900p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.3.2.124"
},
{
"model": "xr450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.3.2.66"
},
{
"model": "rs400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.5.0.48"
},
{
"model": "r6900v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "r6350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.76"
},
{
"model": "dc112a",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.48"
},
{
"model": "ex3700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.84"
},
{
"model": "ex6400v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.128"
},
{
"model": "ex6130",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.36"
},
{
"model": "ex7320",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.128"
},
{
"model": "r8300",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.134"
},
{
"model": "ex6400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.152"
},
{
"model": "r7000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.11.106"
},
{
"model": "r6400v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.98"
},
{
"model": "rbs40v-200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.46"
},
{
"model": "ex6120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.54"
},
{
"model": "r7850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.60"
},
{
"model": "wn2500rpv2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.56"
},
{
"model": "mr60",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.102"
},
{
"model": "eax20",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.36"
},
{
"model": "r6700v1",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.16"
},
{
"model": "rbk842",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "wn3000rpv3",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.86"
},
{
"model": "rbr750",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r7200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "r6700v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "rbw30",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.5.0.4"
},
{
"model": "d6400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.94"
},
{
"model": "ex7300v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.128"
},
{
"model": "rbs40v",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.5.1.6"
},
{
"model": "r8000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.58"
},
{
"model": "r7100lg",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.56"
},
{
"model": "rax80",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.102"
},
{
"model": "wn3500rpv1",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.28"
},
{
"model": "rax45",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.64"
},
{
"model": "rbk40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"model": "ex6150v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.94"
},
{
"model": "dgn2200v4",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.114"
},
{
"model": "rbs40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"model": "rax15",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.64"
},
{
"model": "rbk752",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r6220",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.100"
},
{
"model": "rax35",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.80"
},
{
"model": "r6850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.76"
},
{
"model": "r7450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.72"
},
{
"model": "rbs840",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.2.16.6"
},
{
"model": "r7900p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.4.1.62"
},
{
"model": "d8500",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.50"
},
{
"model": "r7000p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.3.2.124"
},
{
"model": "rbr10",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.44"
},
{
"model": "d6000",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "ac2600",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "d7000v2",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "ac2400",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "d6220",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "d7800",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "ac2100",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "cbk40",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "d6400",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "cbr40",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015016"
},
{
"db": "NVD",
"id": "CVE-2020-35800"
}
]
},
"cve": "CVE-2020-35800",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 9.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-35800",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-35800",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "Low",
"baseScore": 9.4,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-015016",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-35800",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "cve@mitre.org",
"id": "CVE-2020-35800",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2020-35800",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1740",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015016"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1740"
},
{
"db": "NVD",
"id": "CVE-2020-35800"
},
{
"db": "NVD",
"id": "CVE-2020-35800"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state.",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015016"
}
],
"trust": 0.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35800",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015016",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1740",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015016"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1740"
},
{
"db": "NVD",
"id": "CVE-2020-35800"
}
]
},
"id": "VAR-202012-1175",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4047866293478262
},
"last_update_date": "2024-11-23T22:51:09.418000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Security\u00a0Misconfiguration\u00a0on\u00a0Some\u00a0Routers,\u00a0Range\u00a0Extenders,\u00a0and\u00a0Orbi\u00a0WiFi\u00a0Systems,\u00a0PSV-2020-0112",
"trust": 0.8,
"url": "https://kb.netgear.com/000062733/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0112"
},
{
"title": "Certain NETGEAR devices Repair measures for default configuration problems",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138265"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015016"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1740"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015016"
},
{
"db": "NVD",
"id": "CVE-2020-35800"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://kb.netgear.com/000062733/security-advisory-for-security-misconfiguration-on-some-routers-range-extenders-and-orbi-wifi-systems-psv-2020-0112"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35800"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015016"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1740"
},
{
"db": "NVD",
"id": "CVE-2020-35800"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015016"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1740"
},
{
"db": "NVD",
"id": "CVE-2020-35800"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015016"
},
{
"date": "2020-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1740"
},
{
"date": "2020-12-30T00:15:14.410000",
"db": "NVD",
"id": "CVE-2020-35800"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-07T09:06:00",
"db": "JVNDB",
"id": "JVNDB-2020-015016"
},
{
"date": "2021-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1740"
},
{
"date": "2024-11-21T05:28:08.620000",
"db": "NVD",
"id": "CVE-2020-35800"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1740"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015016"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Default configuration problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1740"
}
],
"trust": 0.6
}
}
var-202108-1662
Vulnerability from variot
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. This affects D6200 prior to 1.1.00.40, D7000 prior to 1.0.1.78, R6020 prior to 1.0.0.48, R6080 prior to 1.0.0.48, R6120 prior to 1.0.0.76, R6260 prior to 1.1.0.78, R6700v2 prior to 1.2.0.76, R6800 prior to 1.2.0.76, R6900v2 prior to 1.2.0.76, R6850 prior to 1.1.0.78, R7200 prior to 1.2.0.76, R7350 prior to 1.2.0.76, R7400 prior to 1.2.0.76, R7450 prior to 1.2.0.76, AC2100 prior to 1.2.0.76, AC2400 prior to 1.2.0.76, AC2600 prior to 1.2.0.76, RAX35 prior to 1.0.3.62, and RAX40 prior to 1.0.3.62
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1662",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r7200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "ac2100",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6900",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "d7000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.78"
},
{
"model": "rax40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.62"
},
{
"model": "r7400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r7350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6020",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.48"
},
{
"model": "r6260",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"model": "r6800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"model": "r6120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.76"
},
{
"model": "r7450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "d6200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.00.40"
},
{
"model": "ac2600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "ac2400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "rax35",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.62"
},
{
"model": "r6080",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.48"
},
{
"model": "d7000",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6020",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6850",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6700",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6080",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6800",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6120",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6900",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6260",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "d6200",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010451"
},
{
"db": "NVD",
"id": "CVE-2021-38535"
}
]
},
"cve": "CVE-2021-38535",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2021-38535",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2021-38535",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "cve@mitre.org",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.2,
"id": "CVE-2021-38535",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-38535",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-38535",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2021-38535",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-38535",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-944",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-38535",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-38535"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010451"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-944"
},
{
"db": "NVD",
"id": "CVE-2021-38535"
},
{
"db": "NVD",
"id": "CVE-2021-38535"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. This affects D6200 prior to 1.1.00.40, D7000 prior to 1.0.1.78, R6020 prior to 1.0.0.48, R6080 prior to 1.0.0.48, R6120 prior to 1.0.0.76, R6260 prior to 1.1.0.78, R6700v2 prior to 1.2.0.76, R6800 prior to 1.2.0.76, R6900v2 prior to 1.2.0.76, R6850 prior to 1.1.0.78, R7200 prior to 1.2.0.76, R7350 prior to 1.2.0.76, R7400 prior to 1.2.0.76, R7450 prior to 1.2.0.76, AC2100 prior to 1.2.0.76, AC2400 prior to 1.2.0.76, AC2600 prior to 1.2.0.76, RAX35 prior to 1.0.3.62, and RAX40 prior to 1.0.3.62",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-38535"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010451"
},
{
"db": "VULMON",
"id": "CVE-2021-38535"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-38535",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010451",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202108-944",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-38535",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-38535"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010451"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-944"
},
{
"db": "NVD",
"id": "CVE-2021-38535"
}
]
},
"id": "VAR-202108-1662",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.32696482363636364
},
"last_update_date": "2024-08-14T15:17:07.779000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Stored\u00a0Cross\u00a0Site\u00a0Scripting\u00a0on\u00a0Some\u00a0Routers\u00a0and\u00a0Gateways,\u00a0PSV-2019-0192",
"trust": 0.8,
"url": "https://kb.netgear.com/000063773/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0192"
},
{
"title": "Netgear NETGEAR Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159338"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010451"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-944"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010451"
},
{
"db": "NVD",
"id": "CVE-2021-38535"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.netgear.com/000063773/security-advisory-for-stored-cross-site-scripting-on-some-routers-and-gateways-psv-2019-0192"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38535"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-38535"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010451"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-944"
},
{
"db": "NVD",
"id": "CVE-2021-38535"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-38535"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010451"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-944"
},
{
"db": "NVD",
"id": "CVE-2021-38535"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-38535"
},
{
"date": "2022-07-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-010451"
},
{
"date": "2021-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-944"
},
{
"date": "2021-08-11T00:17:26.993000",
"db": "NVD",
"id": "CVE-2021-38535"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-38535"
},
{
"date": "2022-07-01T06:13:00",
"db": "JVNDB",
"id": "JVNDB-2021-010451"
},
{
"date": "2021-08-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-944"
},
{
"date": "2021-08-19T16:42:59.740000",
"db": "NVD",
"id": "CVE-2021-38535"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-944"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Cross-site scripting vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010451"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-944"
}
],
"trust": 0.6
}
}
var-202112-2274
Vulnerability from variot
Certain NETGEAR devices are affected by stored XSS. This affects R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6700v2 before 1.2.0.76, R6900v2 before 1.2.0.76, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, and AC2600 before 1.2.0.76. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. This affects R6120 prior to 1.0.0.76, R6260 prior to 1.1.0.78, R6850 prior to 1.1.0.78, R6350 prior to 1.1.0.78, R6330 prior to 1.1.0.78, R6800 prior to 1.2.0.76, R6700v2 prior to 1.2.0.76, R6900v2 prior to 1.2.0.76, R7200 prior to 1.2.0.76, R7350 prior to 1.2.0.76, R7400 prior to 1.2.0.76, R7450 prior to 1.2.0.76, AC2100 prior to 1.2.0.76, AC2400 prior to 1.2.0.76, and AC2600 prior to 1.2.0.76
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2274",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r6900v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.76"
},
{
"model": "ac2400",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "ac2100",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r7400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6330",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"model": "r7350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"model": "ac2600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r7450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6700v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"model": "r6800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r7200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6260",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"model": "r6350",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6700v2",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6900v2",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r7350",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6260",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6800",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6120",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r7200",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6850",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6330",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017019"
},
{
"db": "NVD",
"id": "CVE-2021-45675"
}
]
},
"cve": "CVE-2021-45675",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2021-45675",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2021-45675",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "cve@mitre.org",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.6,
"id": "CVE-2021-45675",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-45675",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45675",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2021-45675",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-45675",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2471",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-45675",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45675"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017019"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2471"
},
{
"db": "NVD",
"id": "CVE-2021-45675"
},
{
"db": "NVD",
"id": "CVE-2021-45675"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by stored XSS. This affects R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6700v2 before 1.2.0.76, R6900v2 before 1.2.0.76, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, and AC2600 before 1.2.0.76. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. This affects R6120 prior to 1.0.0.76, R6260 prior to 1.1.0.78, R6850 prior to 1.1.0.78, R6350 prior to 1.1.0.78, R6330 prior to 1.1.0.78, R6800 prior to 1.2.0.76, R6700v2 prior to 1.2.0.76, R6900v2 prior to 1.2.0.76, R7200 prior to 1.2.0.76, R7350 prior to 1.2.0.76, R7400 prior to 1.2.0.76, R7450 prior to 1.2.0.76, AC2100 prior to 1.2.0.76, AC2400 prior to 1.2.0.76, and AC2600 prior to 1.2.0.76",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45675"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017019"
},
{
"db": "VULMON",
"id": "CVE-2021-45675"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45675",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017019",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2471",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-45675",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45675"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017019"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2471"
},
{
"db": "NVD",
"id": "CVE-2021-45675"
}
]
},
"id": "VAR-202112-2274",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.49744941000000004
},
"last_update_date": "2024-11-23T22:15:58.722000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Stored\u00a0Cross\u00a0Site\u00a0Scripting\u00a0on\u00a0Some\u00a0Routers,\u00a0PSV-2020-0128",
"trust": 0.8,
"url": "https://kb.netgear.com/000064116/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0128"
},
{
"title": "Netgear NETGEAR Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177028"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017019"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2471"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017019"
},
{
"db": "NVD",
"id": "CVE-2021-45675"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.netgear.com/000064116/security-advisory-for-stored-cross-site-scripting-on-some-routers-psv-2020-0128"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45675"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45675"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017019"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2471"
},
{
"db": "NVD",
"id": "CVE-2021-45675"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-45675"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017019"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2471"
},
{
"db": "NVD",
"id": "CVE-2021-45675"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-26T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45675"
},
{
"date": "2022-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017019"
},
{
"date": "2021-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2471"
},
{
"date": "2021-12-26T01:15:21.240000",
"db": "NVD",
"id": "CVE-2021-45675"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-05T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45675"
},
{
"date": "2022-12-27T08:48:00",
"db": "JVNDB",
"id": "JVNDB-2021-017019"
},
{
"date": "2022-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2471"
},
{
"date": "2024-11-21T06:32:51.277000",
"db": "NVD",
"id": "CVE-2021-45675"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2471"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Cross-site scripting vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017019"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2471"
}
],
"trust": 0.6
}
}
var-202102-0337
Vulnerability from variot
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355. Zero Day Initiative To this vulnerability ZDI-CAN-11355 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "r6230",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.104"
},
{
"_id": null,
"model": "r6020",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.48"
},
{
"_id": null,
"model": "r7450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r6850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"_id": null,
"model": "ac2600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "ac2400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r7200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "ac2100",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r6080",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.48"
},
{
"_id": null,
"model": "r6330",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"_id": null,
"model": "r6700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r7400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r6900",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r6220",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.104"
},
{
"_id": null,
"model": "r6800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r6120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.76"
},
{
"_id": null,
"model": "r6350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"_id": null,
"model": "r6260",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"_id": null,
"model": "r7350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "ac2600",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r7400",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r7350",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r7200",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "ac2100",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r6800",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r7450",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r6700",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "ac2400",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r6900",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "multiple routers",
"scope": null,
"trust": 0.7,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1451"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015990"
},
{
"db": "NVD",
"id": "CVE-2020-27866"
}
]
},
"credits": {
"_id": null,
"data": "1sd3d of Viettel Cyber Security",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1451"
}
],
"trust": 0.7
},
"cve": "CVE-2020-27866",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2020-27866",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-27866",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-27866",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-27866",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-27866",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2020-27866",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-27866",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-27866",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-1092",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-27866",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1451"
},
{
"db": "VULMON",
"id": "CVE-2020-27866"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015990"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1092"
},
{
"db": "NVD",
"id": "CVE-2020-27866"
},
{
"db": "NVD",
"id": "CVE-2020-27866"
}
]
},
"description": {
"_id": null,
"data": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355. Zero Day Initiative To this vulnerability ZDI-CAN-11355 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27866"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015990"
},
{
"db": "ZDI",
"id": "ZDI-20-1451"
},
{
"db": "VULMON",
"id": "CVE-2020-27866"
}
],
"trust": 2.34
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-27866",
"trust": 3.2
},
{
"db": "ZDI",
"id": "ZDI-20-1451",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015990",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11355",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1092",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-27866",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1451"
},
{
"db": "VULMON",
"id": "CVE-2020-27866"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015990"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1092"
},
{
"db": "NVD",
"id": "CVE-2020-27866"
}
]
},
"id": "VAR-202102-0337",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.33938984250000004
},
"last_update_date": "2024-11-23T23:01:08.941000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Password\u00a0Recovery\u00a0Vulnerabilities\u00a0on\u00a0Some\u00a0Routers",
"trust": 1.5,
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"title": "Repair measures for multiple product authorization issues",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142372"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1451"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015990"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1092"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-288",
"trust": 1.0
},
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Improper authentication (CWE-287) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015990"
},
{
"db": "NVD",
"id": "CVE-2020-27866"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-1451/"
},
{
"trust": 2.4,
"url": "https://kb.netgear.com/000062641/security-advisory-for-password-recovery-vulnerabilities-on-some-routers"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27866"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/288.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1451"
},
{
"db": "VULMON",
"id": "CVE-2020-27866"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015990"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1092"
},
{
"db": "NVD",
"id": "CVE-2020-27866"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-20-1451",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-27866",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015990",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1092",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-27866",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-12-18T00:00:00",
"db": "ZDI",
"id": "ZDI-20-1451",
"ident": null
},
{
"date": "2021-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27866",
"ident": null
},
{
"date": "2021-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015990",
"ident": null
},
{
"date": "2021-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1092",
"ident": null
},
{
"date": "2021-02-12T00:15:12.877000",
"db": "NVD",
"id": "CVE-2020-27866",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-12-18T00:00:00",
"db": "ZDI",
"id": "ZDI-20-1451",
"ident": null
},
{
"date": "2021-03-26T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27866",
"ident": null
},
{
"date": "2021-10-29T09:02:00",
"db": "JVNDB",
"id": "JVNDB-2020-015990",
"ident": null
},
{
"date": "2021-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1092",
"ident": null
},
{
"date": "2024-11-21T05:21:57.740000",
"db": "NVD",
"id": "CVE-2020-27866",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1092"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural \u00a0NETGEAR\u00a0 Product authentication vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015990"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1092"
}
],
"trust": 0.6
}
}
var-202102-0343
Vulnerability from variot
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365. NETGEAR R7450 A router contains a vulnerability related to the leakage of resources to the wrong area. Zero Day Initiative To this vulnerability ZDI-CAN-11365 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR R7450 is a router from Netgear. A hardware device that connects two or more networks and acts as a gateway between the networks
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "r6260",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"_id": null,
"model": "r7450",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "ac2100",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "ac2400",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r6020",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.0.48"
},
{
"_id": null,
"model": "r6080",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.0.48"
},
{
"_id": null,
"model": "r6800",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r6850",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"_id": null,
"model": "r7200",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r7350",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r7400",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "ac2600",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r6350",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"_id": null,
"model": "r6330",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"_id": null,
"model": "r6700",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r6900",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"_id": null,
"model": "r6220",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.1.0.104"
},
{
"_id": null,
"model": "r6230",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.1.0.104"
},
{
"_id": null,
"model": "r6120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.76"
},
{
"_id": null,
"model": "ac2100",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r7400",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r7200",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r6900",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "ac2400",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "ac2600",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r7450",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r6800",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r7350",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r6700",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "r7450",
"scope": null,
"trust": 0.7,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-071"
},
{
"db": "CNVD",
"id": "CNVD-2022-06704"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015834"
},
{
"db": "NVD",
"id": "CVE-2020-27872"
}
]
},
"credits": {
"_id": null,
"data": "1sd3d of Viettel Cyber Security",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-071"
}
],
"trust": 0.7
},
"cve": "CVE-2020-27872",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2020-27872",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2022-06704",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-27872",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-27872",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-27872",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-27872",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2020-27872",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-27872",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-27872",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-06704",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-385",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-27872",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-071"
},
{
"db": "CNVD",
"id": "CNVD-2022-06704"
},
{
"db": "VULMON",
"id": "CVE-2020-27872"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015834"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-385"
},
{
"db": "NVD",
"id": "CVE-2020-27872"
},
{
"db": "NVD",
"id": "CVE-2020-27872"
}
]
},
"description": {
"_id": null,
"data": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365. NETGEAR R7450 A router contains a vulnerability related to the leakage of resources to the wrong area. Zero Day Initiative To this vulnerability ZDI-CAN-11365 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR R7450 is a router from Netgear. A hardware device that connects two or more networks and acts as a gateway between the networks",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27872"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015834"
},
{
"db": "ZDI",
"id": "ZDI-21-071"
},
{
"db": "CNVD",
"id": "CNVD-2022-06704"
},
{
"db": "VULMON",
"id": "CVE-2020-27872"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-27872",
"trust": 3.8
},
{
"db": "ZDI",
"id": "ZDI-21-071",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015834",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11365",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-06704",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-385",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-27872",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-071"
},
{
"db": "CNVD",
"id": "CNVD-2022-06704"
},
{
"db": "VULMON",
"id": "CVE-2020-27872"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015834"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-385"
},
{
"db": "NVD",
"id": "CVE-2020-27872"
}
]
},
"id": "VAR-202102-0343",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06704"
}
],
"trust": 0.9393898425
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06704"
}
]
},
"last_update_date": "2024-11-23T22:37:05.259000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Password\u00a0Recovery\u00a0Vulnerabilities\u00a0on\u00a0Some\u00a0Routers",
"trust": 1.5,
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"title": "Patch for NETGEAR R7450 Authentication Bypass Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/316191"
},
{
"title": "NETGEAR R7450 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140609"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-071"
},
{
"db": "CNVD",
"id": "CNVD-2022-06704"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015834"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-385"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-642",
"trust": 1.0
},
{
"problemtype": "CWE-668",
"trust": 1.0
},
{
"problemtype": "Leakage of resources to the wrong area (CWE-668) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015834"
},
{
"db": "NVD",
"id": "CVE-2020-27872"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "https://kb.netgear.com/000062641/security-advisory-for-password-recovery-vulnerabilities-on-some-routers"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27872"
},
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-071/"
},
{
"trust": 0.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-071//"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/668.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-071"
},
{
"db": "CNVD",
"id": "CNVD-2022-06704"
},
{
"db": "VULMON",
"id": "CVE-2020-27872"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015834"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-385"
},
{
"db": "NVD",
"id": "CVE-2020-27872"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-071",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2022-06704",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-27872",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015834",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202102-385",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-27872",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-01-18T00:00:00",
"db": "ZDI",
"id": "ZDI-21-071",
"ident": null
},
{
"date": "2022-01-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-06704",
"ident": null
},
{
"date": "2021-02-04T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27872",
"ident": null
},
{
"date": "2021-10-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015834",
"ident": null
},
{
"date": "2021-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-385",
"ident": null
},
{
"date": "2021-02-04T17:15:13.293000",
"db": "NVD",
"id": "CVE-2020-27872",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-01-18T00:00:00",
"db": "ZDI",
"id": "ZDI-21-071",
"ident": null
},
{
"date": "2022-01-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-06704",
"ident": null
},
{
"date": "2021-02-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27872",
"ident": null
},
{
"date": "2021-10-19T07:03:00",
"db": "JVNDB",
"id": "JVNDB-2020-015834",
"ident": null
},
{
"date": "2021-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-385",
"ident": null
},
{
"date": "2024-11-21T05:21:58.533000",
"db": "NVD",
"id": "CVE-2020-27872",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-385"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "NETGEAR\u00a0R7450\u00a0 Vulnerability in leaking resources to incorrect area in router",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015834"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-385"
}
],
"trust": 0.6
}
}
var-202108-1582
Vulnerability from variot
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. This affects D6200 prior to 1.1.00.40, D7000 prior to 1.0.1.78, R6020 prior to 1.0.0.48, R6080 prior to 1.0.0.48, R6120 prior to 1.0.0.66, R6260 prior to 1.1.0.78, R6700v2 prior to 1.2.0.76, R6800 prior to 1.2.0.76, R6900v2 prior to 1.2.0.76, R6850 prior to 1.1.0.78, R7200 prior to 1.2.0.76, R7350 prior to 1.2.0.76, R7400 prior to 1.2.0.76, R7450 prior to 1.2.0.76, AC2100 prior to 1.2.0.76, AC2400 prior to 1.2.0.76, AC2600 prior to 1.2.0.76, and RAX40 prior to 1.0.3.62
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1582",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r7200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r7400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.66"
},
{
"model": "r7350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6020",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.48"
},
{
"model": "r6260",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"model": "ac2100",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.78"
},
{
"model": "r6900",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "d7000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.78"
},
{
"model": "r7450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "d6200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.00.40"
},
{
"model": "ac2600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "r6080",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.48"
},
{
"model": "r6700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "ac2400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "rax40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.62"
},
{
"model": "r6800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.76"
},
{
"model": "d7000",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6020",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6850",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6700",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6080",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6800",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6120",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6900",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6260",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "d6200",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010441"
},
{
"db": "NVD",
"id": "CVE-2021-38537"
}
]
},
"cve": "CVE-2021-38537",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2021-38537",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2021-38537",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cve@mitre.org",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.1,
"id": "CVE-2021-38537",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-38537",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-38537",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2021-38537",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-38537",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-948",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-38537",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-38537"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010441"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-948"
},
{
"db": "NVD",
"id": "CVE-2021-38537"
},
{
"db": "NVD",
"id": "CVE-2021-38537"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. This affects D6200 prior to 1.1.00.40, D7000 prior to 1.0.1.78, R6020 prior to 1.0.0.48, R6080 prior to 1.0.0.48, R6120 prior to 1.0.0.66, R6260 prior to 1.1.0.78, R6700v2 prior to 1.2.0.76, R6800 prior to 1.2.0.76, R6900v2 prior to 1.2.0.76, R6850 prior to 1.1.0.78, R7200 prior to 1.2.0.76, R7350 prior to 1.2.0.76, R7400 prior to 1.2.0.76, R7450 prior to 1.2.0.76, AC2100 prior to 1.2.0.76, AC2400 prior to 1.2.0.76, AC2600 prior to 1.2.0.76, and RAX40 prior to 1.0.3.62",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-38537"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010441"
},
{
"db": "VULMON",
"id": "CVE-2021-38537"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-38537",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010441",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202108-948",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-38537",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-38537"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010441"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-948"
},
{
"db": "NVD",
"id": "CVE-2021-38537"
}
]
},
"id": "VAR-202108-1582",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3448261410000001
},
"last_update_date": "2024-08-14T14:25:15.667000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Stored\u00a0Cross\u00a0Site\u00a0Scripting\u00a0on\u00a0Some\u00a0Routers\u00a0and\u00a0Gateways,\u00a0PSV-2019-0245",
"trust": 0.8,
"url": "https://kb.netgear.com/000063775/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0245"
},
{
"title": "Netgear NETGEAR Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159342"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010441"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-948"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010441"
},
{
"db": "NVD",
"id": "CVE-2021-38537"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.netgear.com/000063775/security-advisory-for-stored-cross-site-scripting-on-some-routers-and-gateways-psv-2019-0245"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38537"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-38537"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010441"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-948"
},
{
"db": "NVD",
"id": "CVE-2021-38537"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-38537"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010441"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-948"
},
{
"db": "NVD",
"id": "CVE-2021-38537"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-38537"
},
{
"date": "2022-07-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-010441"
},
{
"date": "2021-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-948"
},
{
"date": "2021-08-11T00:17:48.797000",
"db": "NVD",
"id": "CVE-2021-38537"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-38537"
},
{
"date": "2022-07-01T06:11:00",
"db": "JVNDB",
"id": "JVNDB-2021-010441"
},
{
"date": "2021-08-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-948"
},
{
"date": "2021-08-19T16:11:30.870000",
"db": "NVD",
"id": "CVE-2021-38537"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-948"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Cross-site scripting vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010441"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-948"
}
],
"trust": 0.6
}
}
var-202112-2220
Vulnerability from variot
plural NETGEAR There is an unspecified vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2220",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r6080",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.52"
},
{
"model": "r6020",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.52"
},
{
"model": "ac2400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r7350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r6120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.80"
},
{
"model": "d7000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.82"
},
{
"model": "r6850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r6260",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r6700v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "ac2600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r7450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r7200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r6800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r6230",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.110"
},
{
"model": "r6350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r6900v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r6220",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.110"
},
{
"model": "r7400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r6330",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r6230",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "ac2600",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "ac2400",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6260",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "d7000",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6080",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6120",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6220",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6020",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6330",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017200"
},
{
"db": "NVD",
"id": "CVE-2021-45501"
}
]
},
"cve": "CVE-2021-45501",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-45501",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-45501",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-45501",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-45501",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45501",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "cve@mitre.org",
"id": "CVE-2021-45501",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-45501",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2318",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-45501",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45501"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017200"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2318"
},
{
"db": "NVD",
"id": "CVE-2021-45501"
},
{
"db": "NVD",
"id": "CVE-2021-45501"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR There is an unspecified vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017200"
}
],
"trust": 0.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45501",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017200",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2318",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-45501",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45501"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017200"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2318"
},
{
"db": "NVD",
"id": "CVE-2021-45501"
}
]
},
"id": "VAR-202112-2220",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4191066944444444
},
"last_update_date": "2024-11-23T23:03:57.999000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Authentication\u00a0Bypass\u00a0on\u00a0Some\u00a0Routers,\u00a0PSV-2021-0154",
"trust": 0.8,
"url": "https://kb.netgear.com/000064532/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2021-0154"
},
{
"title": "Netgear NETGEAR Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176034"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017200"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2318"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017200"
},
{
"db": "NVD",
"id": "CVE-2021-45501"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.netgear.com/000064532/security-advisory-for-authentication-bypass-on-some-routers-psv-2021-0154"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45501"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45501"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017200"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2318"
},
{
"db": "NVD",
"id": "CVE-2021-45501"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-45501"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017200"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2318"
},
{
"db": "NVD",
"id": "CVE-2021-45501"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-26T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45501"
},
{
"date": "2023-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017200"
},
{
"date": "2021-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2318"
},
{
"date": "2021-12-26T01:15:12.930000",
"db": "NVD",
"id": "CVE-2021-45501"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-06T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45501"
},
{
"date": "2023-01-10T01:16:00",
"db": "JVNDB",
"id": "JVNDB-2021-017200"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2318"
},
{
"date": "2024-11-21T06:32:21.403000",
"db": "NVD",
"id": "CVE-2021-45501"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2318"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017200"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2318"
}
],
"trust": 0.6
}
}
var-202005-0487
Vulnerability from variot
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P. NETGEAR R7000 is a wireless router of NETGEAR. Attackers can use this vulnerability to send malicious firmware updates to routers by implementing man-in-the-middle attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0487",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r6800",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.11.100_10.2.100"
},
{
"model": "r6220",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.11.100_10.2.100"
},
{
"model": "r7800",
"scope": "gte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.9.6_1.2.19"
},
{
"model": "xr300",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.11.100_10.2.100"
},
{
"model": "rax120",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.11.100_10.2.100"
},
{
"model": "r6120",
"scope": "gte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.9.6_1.2.19"
},
{
"model": "rax120",
"scope": "gte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.9.6_1.2.19"
},
{
"model": "rbr20",
"scope": "gte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.9.6_1.2.19"
},
{
"model": "rbr20",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.11.100_10.2.100"
},
{
"model": "r9000",
"scope": "gte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.9.6_1.2.19"
},
{
"model": "r7800",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.11.100_10.2.100"
},
{
"model": "xr500",
"scope": "gte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.9.6_1.2.19"
},
{
"model": "r7000p",
"scope": "gte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.9.6_1.2.19"
},
{
"model": "r8000",
"scope": "gte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.9.6_1.2.19"
},
{
"model": "r6120",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.11.100_10.2.100"
},
{
"model": "r6400",
"scope": "gte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.9.6_1.2.19"
},
{
"model": "r7000p",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.11.100_10.2.100"
},
{
"model": "r8000",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.11.100_10.2.100"
},
{
"model": "xr300",
"scope": "gte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.9.6_1.2.19"
},
{
"model": "r9000",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.11.100_10.2.100"
},
{
"model": "r6400",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.11.100_10.2.100"
},
{
"model": "r6850",
"scope": "gte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.9.6_1.2.19"
},
{
"model": "r6350",
"scope": "gte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.9.6_1.2.19"
},
{
"model": "r6800",
"scope": "gte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.9.6_1.2.19"
},
{
"model": "xr500",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.11.100_10.2.100"
},
{
"model": "r6850",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.11.100_10.2.100"
},
{
"model": "r6350",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.11.100_10.2.100"
},
{
"model": "r6220",
"scope": "gte",
"trust": 1.0,
"vendor": "netgear",
"version": "v1.0.9.6_1.2.19"
},
{
"model": "r6120",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.9.6_1.2.19 \u304b\u3089 1.0.11.100_10.2.10"
},
{
"model": "r6220",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.9.6_1.2.19 \u304b\u3089 1.0.11.100_10.2.10"
},
{
"model": "r6350",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.9.6_1.2.19 \u304b\u3089 1.0.11.100_10.2.10"
},
{
"model": "r6400",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.9.6_1.2.19 \u304b\u3089 1.0.11.100_10.2.10"
},
{
"model": "r6800",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.9.6_1.2.19 \u304b\u3089 1.0.11.100_10.2.10"
},
{
"model": "r6850",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.9.6_1.2.19 \u304b\u3089 1.0.11.100_10.2.10"
},
{
"model": "r7000p",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.9.6_1.2.19 \u304b\u3089 1.0.11.100_10.2.10"
},
{
"model": "r7800",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.9.6_1.2.19 \u304b\u3089 1.0.11.100_10.2.10"
},
{
"model": "r8000",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.9.6_1.2.19 \u304b\u3089 1.0.11.100_10.2.10"
},
{
"model": "r9000",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.9.6_1.2.19 \u304b\u3089 1.0.11.100_10.2.10"
},
{
"model": "r6400",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r7000p",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r8000",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r6350",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "xr300",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r6850",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "xr500",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-30829"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005897"
},
{
"db": "NVD",
"id": "CVE-2020-13245"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:r6120_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:r6220_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:r6350_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:r6400_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:r6800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:r6850_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:r7000p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:r7800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:r8000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:r9000_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005897"
}
]
},
"cve": "CVE-2020-13245",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-13245",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005897",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2020-30829",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2020-13245",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005897",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-13245",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-005897",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-30829",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-1394",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-30829"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005897"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1394"
},
{
"db": "NVD",
"id": "CVE-2020-13245"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P. NETGEAR R7000 is a wireless router of NETGEAR. Attackers can use this vulnerability to send malicious firmware updates to routers by implementing man-in-the-middle attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-13245"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005897"
},
{
"db": "CNVD",
"id": "CNVD-2020-30829"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-13245",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005897",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-30829",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1394",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-30829"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005897"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1394"
},
{
"db": "NVD",
"id": "CVE-2020-13245"
}
]
},
"id": "VAR-202005-0487",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-30829"
}
],
"trust": 0.9236892400000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-30829"
}
]
},
"last_update_date": "2024-11-23T22:21:11.577000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.netgear.com/"
},
{
"title": "Patch for NETGEAR man-in-the-middle vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/219613"
},
{
"title": "Multiple NETGEAR Repair measures for product trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123121"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-30829"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005897"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1394"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005897"
},
{
"db": "NVD",
"id": "CVE-2020-13245"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/"
},
{
"trust": 1.6,
"url": "https://www.netgear.com/about/security/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13245"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13245"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005897"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1394"
},
{
"db": "NVD",
"id": "CVE-2020-13245"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-30829"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005897"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1394"
},
{
"db": "NVD",
"id": "CVE-2020-13245"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-30829"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005897"
},
{
"date": "2020-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1394"
},
{
"date": "2020-05-28T19:15:10.830000",
"db": "NVD",
"id": "CVE-2020-13245"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-30829"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005897"
},
{
"date": "2020-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1394"
},
{
"date": "2024-11-21T05:00:51.973000",
"db": "NVD",
"id": "CVE-2020-13245"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1394"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Certificate validation vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005897"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1394"
}
],
"trust": 0.6
}
}
var-202112-2305
Vulnerability from variot
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88. plural NETGEAR There is an unspecified vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects AC2100 prior to 1.2.0.88, AC2400 prior to 1.2.0.88, AC2600 prior to 1.2.0.88, R6220 prior to 1.1.0.110, R6230 prior to 1.1.0.110, R6260 prior to 1.1.0.84, R6330 prior to 1.1.0.84, R6350 prior to 1.1.0.84, R6700v2 prior to 1.2.0.88, R6800 prior to 1.2.0.88, R6850 prior to 1.1.0.84, R6900v2 prior to 1.2.0.88, R7200 prior to 1.2.0.88, R7350 prior to 1.2.0.88, R7400 prior to 1.2.0.88, and R7450 prior to 1.2.0.88
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2305",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac2100",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6900v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6230",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.110"
},
{
"model": "ac2400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r7400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r7350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "ac2600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6220",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.110"
},
{
"model": "r6800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r7450",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6330",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r6850",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r6700v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "r6260",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.84"
},
{
"model": "r7200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.2.0.88"
},
{
"model": "ac2100",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6350",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6260",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6220",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6800",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6330",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6700v2",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "ac2400",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "r6230",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "ac2600",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017544"
},
{
"db": "NVD",
"id": "CVE-2021-45644"
}
]
},
"cve": "CVE-2021-45644",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-45644",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-45644",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2021-45644",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-45644",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45644",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "cve@mitre.org",
"id": "CVE-2021-45644",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-45644",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2438",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017544"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2438"
},
{
"db": "NVD",
"id": "CVE-2021-45644"
},
{
"db": "NVD",
"id": "CVE-2021-45644"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88. plural NETGEAR There is an unspecified vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects AC2100 prior to 1.2.0.88, AC2400 prior to 1.2.0.88, AC2600 prior to 1.2.0.88, R6220 prior to 1.1.0.110, R6230 prior to 1.1.0.110, R6260 prior to 1.1.0.84, R6330 prior to 1.1.0.84, R6350 prior to 1.1.0.84, R6700v2 prior to 1.2.0.88, R6800 prior to 1.2.0.88, R6850 prior to 1.1.0.84, R6900v2 prior to 1.2.0.88, R7200 prior to 1.2.0.88, R7350 prior to 1.2.0.88, R7400 prior to 1.2.0.88, and R7450 prior to 1.2.0.88",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45644"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017544"
},
{
"db": "VULMON",
"id": "CVE-2021-45644"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45644",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017544",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2438",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-45644",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45644"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017544"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2438"
},
{
"db": "NVD",
"id": "CVE-2021-45644"
}
]
},
"id": "VAR-202112-2305",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.51070838
},
"last_update_date": "2024-11-23T22:50:58.459000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Security\u00a0Misconfiguration\u00a0on\u00a0Some\u00a0Routers,\u00a0PSV-2021-0046",
"trust": 0.8,
"url": "https://kb.netgear.com/000064162/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2021-0046"
},
{
"title": "Netgear NETGEAR Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176676"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017544"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2438"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017544"
},
{
"db": "NVD",
"id": "CVE-2021-45644"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.netgear.com/000064162/security-advisory-for-security-misconfiguration-on-some-routers-psv-2021-0046"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45644"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45644"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017544"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2438"
},
{
"db": "NVD",
"id": "CVE-2021-45644"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-45644"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017544"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2438"
},
{
"db": "NVD",
"id": "CVE-2021-45644"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-26T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45644"
},
{
"date": "2023-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017544"
},
{
"date": "2021-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2438"
},
{
"date": "2021-12-26T01:15:19.827000",
"db": "NVD",
"id": "CVE-2021-45644"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45644"
},
{
"date": "2023-01-25T02:01:00",
"db": "JVNDB",
"id": "JVNDB-2021-017544"
},
{
"date": "2022-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2438"
},
{
"date": "2024-11-21T06:32:45.947000",
"db": "NVD",
"id": "CVE-2021-45644"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2438"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017544"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2438"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2020-12-30 00:15
Modified
2024-11-21 05:28
Severity ?
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D7800 before 1.0.3.48, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, DM200 before 1.0.0.66, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX2700 before 1.0.1.58, EX3110 before 1.0.1.68, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100v2 before 1.0.1.94, EX6110 before 1.0.1.68, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150v1 before 1.0.0.46, EX6150v2 before 1.0.1.94, EX6200v1 before 1.0.3.94, EX6250 before 1.0.0.128, EX6400 before 1.0.2.152, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7300 before 1.0.2.152, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, EX7500 before 1.0.0.68, EX7700 before 1.0.0.210, EX8000 before 1.0.1.224, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.42, R6260 before 1.1.0.76, R6300v2 before 1.0.4.42, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400v1 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v1 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900 before 1.0.2.16, R6900P before 1.3.2.124, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7500v2 before 1.0.3.48, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.5.24, RAX35 before 1.0.3.80, RAX40 before 1.0.3.80, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.38, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.5.1.6, RBS40V-200 before 1.0.0.46, RBS50Y before 2.6.1.40, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3000RPv3 before 1.0.2.86, WN3500RPv1 before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C1280B1-A2DF-4CAB-AB19-6B463206AA3D",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76C658A4-BF82-40CE-A5E1-C9F3DA1A9B0B",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B25A18F-DD96-45FE-B098-71E60CB0FFFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3A6655-B468-46FB-84D7-2294D4243C91",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFCD9A8-1846-48C4-9F14-3866E983FB74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cbk40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C3B3284-B11F-4752-9C6A-0B5BECA3DB2B",
"versionEndExcluding": "2.5.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cbk40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E526746E-1ED6-492E-B28C-A1CA8235D9FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B05686E-7206-4E3B-BDBD-05C8EA6CABB5",
"versionEndExcluding": "2.5.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "762CAE87-3C98-4DB8-9B3D-5CCC3D555004",
"versionEndExcluding": "1.0.0.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F6EA344-FF99-4F27-9860-3C5BE07345A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2A04BB9-E816-49B5-B539-4B36A5CFFA22",
"versionEndExcluding": "1.0.0.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EEA190-2E9C-4586-BF81-B115532FBA23",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F4BC21D-8354-4C71-BE68-9D1A14A9471F",
"versionEndExcluding": "1.0.0.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D30939B-86E3-4C78-9B05-686B4994C8B9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7000v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3DCFE88-1262-43BF-88BB-B26658EDEDF1",
"versionEndExcluding": "1.0.0.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7000v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC6BD34-1A2C-4247-A20C-0B44C0F56E0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93A32171-41B3-43DF-9027-51382D83158A",
"versionEndExcluding": "1.0.3.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA2D4987-3726-4A72-8D32-592F59FAC46D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F3F88DD-CE38-45A8-990A-4770A480D1BF",
"versionEndExcluding": "1.0.3.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "814A0114-9A1D-4EA0-9AF4-6968514E4F01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:dc112a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D989E9B-5626-4238-877A-FFB0FC1C6352",
"versionEndExcluding": "1.0.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87FFC46-137D-45B8-B437-F15565FB33D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:dgn2200v4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1AC249-D64C-4E61-A22A-1498712D2758",
"versionEndExcluding": "1.0.0.114",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:dgn2200v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BE59214-C8A1-4337-A54C-E4E8C149B241",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFD91F26-5253-4A05-AB69-94CB2C416F83",
"versionEndExcluding": "1.0.0.66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B048F71-70F1-4D9F-84E2-9F7340F6ADAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:eax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62EFA314-85C0-48CC-938E-E2BF42B16746",
"versionEndExcluding": "1.0.0.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:eax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D3B54B-33C0-4E50-AD2B-2097C612F288",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:eax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EE6BC6-DEDA-4005-9E29-D66D0BC7E5C2",
"versionEndExcluding": "1.0.1.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:eax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97740F5D-063E-424F-A0FE-09EBE1100975",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F81FC1BC-5186-4642-AD43-459C707B18CB",
"versionEndExcluding": "1.0.1.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5341B659-DE7D-43F1-954D-82049CBE18AD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex3110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16871358-4EF4-4517-BA05-6ED135691566",
"versionEndExcluding": "1.0.1.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex3110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C254694-4C37-4C5E-BF1C-06EC09BDCA1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "953A4436-6F98-494C-B184-354E577F8E59",
"versionEndExcluding": "1.0.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDAA5899-B73C-4690-853E-B5400F034BE1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF7B1DD1-E197-461C-9537-C6D1DF2F6D7D",
"versionEndExcluding": "1.0.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5488D9-651C-4BAB-A141-06B816690D42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex3920_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33BDAF99-3E64-427E-ACAF-AEFB75401C72",
"versionEndExcluding": "1.0.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex3920:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E576341B-2426-4F4D-8DF4-0A6D462656A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex6000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB99B74-2E41-4986-96BB-B728ED32405B",
"versionEndExcluding": "1.0.0.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02E7CA7E-E6CA-4BAB-8F40-4731EA523D91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93543159-8F91-471D-BBE8-2956520DBD71",
"versionEndExcluding": "1.0.1.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DCFF79A-8ACE-455B-90F3-FFC745E8BAD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex6110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E7EBD31-5A65-442D-B7BD-B8A20BE37C20",
"versionEndExcluding": "1.0.1.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex6110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04329A16-D96D-4E1D-8AC9-EA3882F1DC41",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1AA1E29-118C-4299-91FA-2C8584EC6F6C",
"versionEndExcluding": "1.0.0.54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C6DFDB6-1D7A-459A-8D30-FD4900ED718B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B845CEBF-A8A2-474B-9094-43AA53560150",
"versionEndExcluding": "1.0.0.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "305E295C-9C73-4798-A0BE-7973E1EE5EAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex6150v1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3141B266-38D7-43DB-B3CD-750D491F0AEA",
"versionEndExcluding": "1.0.0.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex6150v1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD610F2-64B7-4141-A387-69A2A97C20CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9B1AB33-CF18-4774-81F9-7ADA5819F8E8",
"versionEndExcluding": "1.0.1.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5828F04B-E373-4E4F-942D-08CCA038418C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex6200v1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34961F45-369E-4344-A498-CF822A1503F9",
"versionEndExcluding": "1.0.3.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex6200v1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1A7496-E8F3-48CA-965B-367B3C33F962",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB1C84E8-B947-4850-9D66-E306557DC316",
"versionEndExcluding": "1.0.0.128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7694D0C-2CC6-4A6E-A251-5CBFC67D2AA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFA90DB-6949-4743-9B63-F1E73B28C7D0",
"versionEndExcluding": "1.0.2.152",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1289BBB4-1955-46A4-B5FE-BF11153C24F5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22C5E2C9-E8DA-478A-B3B1-2C0038B5D560",
"versionEndExcluding": "1.0.0.128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5882095F-B22A-4937-BA08-6640140F10AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DD3A7D2-75CE-4C67-AAE2-75F09653DFA7",
"versionEndExcluding": "1.0.0.128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C63267D8-4632-4D14-B39C-BEEC62AD8F87",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex6920_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF964D1-1FCE-467B-8B7F-8189CDF728D4",
"versionEndExcluding": "1.0.0.54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex6920:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65914D7F-39EA-489B-8DE7-8547AFC05F64",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A096742-1FFA-4C19-B697-EC5154411CF2",
"versionEndExcluding": "1.0.1.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F45B620-60B8-40F3-A055-181ADD71EFFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79610A3C-B1B8-4E1A-B46B-25F58670A759",
"versionEndExcluding": "1.0.2.152",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F285D60D-A5DA-4467-8F79-15EF8135D007",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B1295F-3207-4DF4-BA5B-0DE7AB289636",
"versionEndExcluding": "1.0.0.128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A88D2A3-3B22-4639-94E9-69CE80F37392",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE4BFF4-42DA-4A09-892E-6FBBE72B28A6",
"versionEndExcluding": "1.0.0.128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1D4DF51-84EA-4296-9E06-CE5E1F4A53D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex7500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B59B0C17-2714-48E8-8911-E72488CE32E3",
"versionEndExcluding": "1.0.0.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex7500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44336289-F9DA-4779-8C1A-0221E29E2E2F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6566C37A-252E-4301-952E-5C6F19F42326",
"versionEndExcluding": "1.0.0.210",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D140E3B-9AE5-473A-82DE-9B9DBAE4C34A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "456DA66C-6B99-4D0D-8F32-952905F9C752",
"versionEndExcluding": "1.0.1.224",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9781C9-799A-4BDA-A027-987627A01633",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7658849-0743-487B-803F-D49680EDF185",
"versionEndExcluding": "1.0.5.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mk62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69A79475-37BE-47BD-A629-DCEF22500B0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E18CCBB-46CD-423D-AA66-36F223EFD6E6",
"versionEndExcluding": "1.0.5.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07A1D7A9-29E9-4B1D-90DB-24E0967C9BC7",
"versionEndExcluding": "1.0.5.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F003F064-591C-4D7C-9EC4-D0E553BC6683",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F898DC9-9250-47DF-844C-F7308365135B",
"versionEndExcluding": "1.0.0.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2CCD-424F-41D5-919B-E22B9FA68D36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79B24229-6AC2-489D-B542-4DAA7E630180",
"versionEndExcluding": "1.1.0.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B5B842D-2275-4968-997B-A70A67CBDBEC",
"versionEndExcluding": "1.1.0.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C91CADFA-59DB-4B6C-A914-848884F4A4BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE369F2-053B-4F67-B295-54EE41C6C4DA",
"versionEndExcluding": "1.0.4.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "321BE843-52C4-4638-A321-439CA7B3A6F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23D4F7E6-C042-434E-87B8-55DB18B08B0A",
"versionEndExcluding": "1.1.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6300v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD8455EE-AFAD-445D-910B-E8D9F02E8B1B",
"versionEndExcluding": "1.0.4.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6300v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7909744D-FE9B-49D1-ADB3-029CCC432A47",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6524B85E-23AC-4983-8331-96E12899B773",
"versionEndExcluding": "1.1.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D621D26D-B144-424A-A9CB-19488399ACC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F105F6F-ECD3-411D-924E-94BCF036C1EA",
"versionEndExcluding": "1.1.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B302909-29CF-4E53-9CCB-8664D3FCB03A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400v1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C48E07DA-A6D2-4035-BC2B-DC257148A259",
"versionEndExcluding": "1.0.1.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400v1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39608E61-7E2C-49AA-9719-A40095B1C8A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E32C097-6EDF-4C81-A375-028DB67B6231",
"versionEndExcluding": "1.0.4.98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE6B3A8-0601-44EA-AD9B-3BDDE6654FDF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700v1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "715A8158-B6A6-43FF-A0C0-0871EAB07667",
"versionEndExcluding": "1.0.2.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700v1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4187FD4-8045-4C00-A8F2-D37B5549E716",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5AB644-B80D-48A3-B794-C483FEFAFDED",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9793286-86D2-43BF-B9B8-823C05BCAE4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCFD041-9413-4E37-8C4D-F50D1B10582B",
"versionEndExcluding": "1.0.4.98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C88DA385-5FAE-49EC-80D6-78F81E7EEC16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8956A99-1071-42A7-8984-D7134E755CBF",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8956A99-1071-42A7-8984-D7134E755CBF",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3408536D-FC77-48C5-AD15-C5A170D7417C",
"versionEndExcluding": "1.1.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D59AC0-2859-46C0-B050-3BB8E3E9CB06",
"versionEndExcluding": "1.0.2.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0794BB7C-1BCF-4F08-8EB2-9C3B150C105A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61DE3850-1661-43D1-9E52-31E2E01979EE",
"versionEndExcluding": "1.3.2.124",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02672757-31FD-4338-AF2C-63FD1D7C1A19",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FC6398-60A5-4003-A294-C96AE6DBCED5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D208F2CA-DB20-4C82-8FFF-B99EBFE29713",
"versionEndExcluding": "1.0.11.106",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6F506A-464D-4BDE-8F9B-D537D3C7E137",
"versionEndExcluding": "1.3.2.124",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8841DA90-D1B1-40EB-809D-14C014337AAB",
"versionEndExcluding": "1.0.0.56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366FA778-3C2A-42AF-9141-DAD7043B406C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02279B20-D951-46CE-B339-452BC585A4F3",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECB83F9-D417-4FD3-B293-87BC177E3AEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B452611A-43C5-401B-95BD-189020B5C65C",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1A65C-F10F-4C52-8B6D-69992E512EB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "237C68C0-C2A9-4F71-9E08-547F2A317CBC",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63697E3A-AAA3-42E7-8116-93C6548D3AB7",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7500v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C745B393-CC8D-4F88-A6EB-2788E1A4BAF9",
"versionEndExcluding": "1.0.3.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7500v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCA6487-57EC-4630-884F-820BBFE25843",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C393DBF4-8281-4611-B591-CDB9DF0AA958",
"versionEndExcluding": "1.0.2.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17CF7445-6950-45FE-9D1A-E23F63316329",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4171EB00-3664-43D5-9B62-A3538C358142",
"versionEndExcluding": "1.0.5.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9800CB2-C14A-406B-B1FF-B1B62862EBDB",
"versionEndExcluding": "1.0.4.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C484840F-AF30-4B5C-821A-4DB9BE407BDB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44537647-E0B2-477D-98A5-7EA850BF3321",
"versionEndExcluding": "1.4.1.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8D0327-0A72-44EC-9CC2-6CAF6A0C08B2",
"versionEndExcluding": "1.4.1.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F030129E-95C6-4C31-92A6-DABCDC1B534B",
"versionEndExcluding": "1.0.4.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B377E02-0228-4A2F-90F3-A82E7E964B37",
"versionEndExcluding": "1.4.1.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6324787-AE71-423A-B853-8B22CA3A5294",
"versionEndExcluding": "1.0.2.134",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9B77E7-7439-48C6-989F-5E22CB4D3044",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72C4B203-565A-43BC-9800-274060CE23F2",
"versionEndExcluding": "1.0.2.134",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57314D03-64B1-4973-9D36-5D22A71DBCBB",
"versionEndExcluding": "1.0.5.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F859165-8D89-4CDD-9D48-9C7923D2261F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCE56F2-5A45-4B31-99EF-1D8455C71E5C",
"versionEndExcluding": "1.0.5.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B697A877-214C-4701-AA9B-FE9C23FDBCEB",
"versionEndExcluding": "1.0.1.136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1742BD56-84E4-40E1-8C04-098B3715161E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5225D5-96AD-43EE-BAA3-37B7FEF97E86",
"versionEndExcluding": "1.0.1.64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33505A97-35DB-4EFD-9D47-EA03057C8FFD",
"versionEndExcluding": "1.0.1.64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29FB835A-73C6-4F5D-A0F0-C37914B706E7",
"versionEndExcluding": "1.0.5.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD0FE36F-5D34-4872-8A2F-DC5B4710E807",
"versionEndExcluding": "1.0.3.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax35:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4201E4D6-4DDF-4EF3-902A-960DFFF7C9A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "785CFF3A-013C-4068-B98E-9B0FAA02BB33",
"versionEndExcluding": "1.0.3.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13D54346-4B03-4296-B050-04EB8CFCA732",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A3B894E-E712-477A-9960-30AFAB2C35CF",
"versionEndExcluding": "1.0.2.64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A71AE85C-74C4-42C1-BF54-89B6EC38C707",
"versionEndExcluding": "1.0.2.64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADDF0077-E02C-4DDA-A84E-DF3A0237FC66",
"versionEndExcluding": "1.0.3.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81DF924F-FDA4-4588-B8A3-6F18ABBD4976",
"versionEndExcluding": "1.0.3.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC30751-F447-45A7-8C57-B73042869EA5",
"versionEndExcluding": "2.6.1.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5465A78-4826-4F72-9CBE-528CBF286A79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8246B8D3-8455-43B1-B0FA-F677B8FF84F5",
"versionEndExcluding": "2.6.1.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28DA498C-B466-422E-BAD2-A1F9A15B157F",
"versionEndExcluding": "2.6.1.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32BAB5C0-F645-4A90-833F-6345335FA1AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E72FDDB4-0802-467B-A255-06C8CE1A0B92",
"versionEndExcluding": "2.6.1.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6C9F31C-3E12-4787-9C9B-14883D9D152A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C80BEFF8-7094-4F21-B9E7-EE5C8B9DF3B3",
"versionEndExcluding": "2.6.1.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04F03BE5-1440-4BC4-B902-97E702ED0ADF",
"versionEndExcluding": "2.6.1.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09631703-25CD-40CB-80A8-AADD43939507",
"versionEndExcluding": "2.6.1.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01A3914A-ABAC-4227-BCA1-DB0AAD559494",
"versionEndExcluding": "2.6.1.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E20E59-2B1E-4E43-A494-2C20FD716D4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A32769CF-7D0A-4A3F-AF20-6202CA0C6870",
"versionEndExcluding": "2.6.1.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FDCDE39-0355-43B9-BF57-F3718DA2988D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E3BFCB-BFF8-4722-BE48-5FA93CACD3AD",
"versionEndExcluding": "2.6.1.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA66D07-D017-49D6-8E72-5C48E940DE1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39D6318D-F5A2-4469-B508-075F2825F0FA",
"versionEndExcluding": "2.6.1.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F44708A-C946-4E0F-9D6C-A91AFB4C9EF3",
"versionEndExcluding": "2.6.1.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD03FFF-ECAF-4527-A195-559DF479A0F2",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A45832BD-114D-42F1-B9F1-7532496D30A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05A46FA9-5DC8-4408-B4C2-AD5F1CABE7C1",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C13F5C69-FA9B-472A-9036-0C2967BDCDE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C144D71-6C10-44CD-BFF9-907A92F0432C",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B529194C-C440-4BC3-850F-0613FC548F86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk842_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5C6DF5F-FEFB-4A30-87CC-379E726AE181",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk842:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9B19B2-5FF1-4C85-8504-C33C34F072B1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr840_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "451C5603-927A-4EB9-BF9D-150FE16A48F8",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4489CB05-A1C0-408C-8D8C-56EE98CA20E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs840_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B22B149-BD16-42A0-BB1D-DEF483F6B5E1",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84AEA27B-8BEA-4E83-819A-FDAC1881928F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B66A716A-7EC5-4F9B-853A-36C0D1AA3BFE",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14F257FE-31CE-4F74-829D-29407D74ADF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE13548D-0A26-45C1-8424-D4705EB105EA",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D92E4C8E-222A-476C-8273-F7171FC61F0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "041D94DE-78C9-475C-9FAE-0B081C69B55F",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "221CA950-E984-44CD-9E1B-3AADE3CEBE52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs40v_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4187AE9D-C676-4C41-8DFF-8FDC65D2475C",
"versionEndExcluding": "2.5.1.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs40v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D05F28-47A2-46AE-992E-132B34F6194B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs40v-200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCFCED24-A687-4C5E-BE2E-60C2189254CF",
"versionEndExcluding": "1.0.0.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs40v-200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "935C7519-678D-4C40-BD35-3F281890C7C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9E75105-CB35-4983-8CC0-98699AAA63BE",
"versionEndExcluding": "2.6.1.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27F93A76-6EFF-4DA6-9129-4792E2C125D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbw30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "993FD563-493C-460C-B379-E02A90295434",
"versionEndExcluding": "2.5.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbw30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA73D22-970D-45F2-81F3-9576C04CCC94",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "921A8CFC-D86E-4674-998E-31F4F956B5DC",
"versionEndExcluding": "1.5.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wn2500rpv2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9FCAF1C-DB77-402B-98D2-8C3FE7DBA8FF",
"versionEndExcluding": "1.0.1.56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wn2500rpv2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65FACC9E-3E0E-4416-9280-706F4FCE436A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wn3000rpv3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E605C33E-0339-4248-9010-D1728C47861A",
"versionEndExcluding": "1.0.2.86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wn3000rpv3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "958243A2-6829-464F-80EA-7DD5B6F0DD7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wn3500rpv1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F357E3F-EDEB-4110-80AD-2061BB9CA066",
"versionEndExcluding": "1.0.0.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wn3500rpv1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F68F9615-B36A-45BA-8296-390321C050C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr3400v3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6803A2E5-5BCE-4DE6-A0EB-3463C81FAD0C",
"versionEndExcluding": "1.0.1.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr3400v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37F227D8-332F-4D24-BAEA-AA5DB3E3EC95",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr1000v3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5464DA45-2B33-430F-A16E-B1FE072B1376",
"versionEndExcluding": "1.0.2.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr1000v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "252E5C7B-EF02-4374-A43E-02FAA9E697D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2000v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01374C4A-4D12-4E77-AF7C-459C32C3579B",
"versionEndExcluding": "1.2.0.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2000v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31247E55-E754-46D0-9A46-B0D319C21221",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D71EDB94-370B-46C3-A14E-3F3FB130DD49",
"versionEndExcluding": "1.0.3.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5590CF28-B88A-4755-904B-1BC1778FBEDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "051E8D2A-0EB0-43A7-9AAA-8519B8CC7FE0",
"versionEndExcluding": "2.3.2.66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BCFB551-95C6-4EEF-83F0-4246F67E6668",
"versionEndExcluding": "2.3.2.66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89AB672D-DD24-483E-B69D-7E46AF199483",
"versionEndExcluding": "1.0.1.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E12892C8-5E01-49A6-BF47-09D630377093",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D7800 before 1.0.3.48, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, DM200 before 1.0.0.66, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX2700 before 1.0.1.58, EX3110 before 1.0.1.68, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100v2 before 1.0.1.94, EX6110 before 1.0.1.68, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150v1 before 1.0.0.46, EX6150v2 before 1.0.1.94, EX6200v1 before 1.0.3.94, EX6250 before 1.0.0.128, EX6400 before 1.0.2.152, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7300 before 1.0.2.152, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, EX7500 before 1.0.0.68, EX7700 before 1.0.0.210, EX8000 before 1.0.1.224, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.42, R6260 before 1.1.0.76, R6300v2 before 1.0.4.42, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400v1 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v1 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900 before 1.0.2.16, R6900P before 1.3.2.124, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7500v2 before 1.0.3.48, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.5.24, RAX35 before 1.0.3.80, RAX40 before 1.0.3.80, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.38, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.5.1.6, RBS40V-200 before 1.0.0.46, RBS50Y before 2.6.1.40, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3000RPv3 before 1.0.2.86, WN3500RPv1 before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una configuraci\u00f3n incorrecta de los ajustes de seguridad.\u0026#xa0;Esto afecta a AC2100 versiones \u0026lt; 1.2.0.72, AC2400 versiones \u0026lt; 1.2.0.72, AC2600 versiones \u0026lt; 1.2.0.72, CBK40 versiones \u0026lt; 2.5.0.10, CBR40 versiones \u0026lt; 2.5.0.10, D6000 versiones \u0026lt; 1.0.0.80, D6220 versiones \u0026lt; 1.0.0.60, D6400 versiones \u0026lt; 1.0.0.94, D7000v2 versiones \u0026lt; 1.0.0.62, D7800 versiones \u0026lt; 1.0.3.48, D8500 versiones \u0026lt; 1.0.3.50, DC112A versiones \u0026lt; 1.0.0.48, DGN2200v4 versiones \u0026lt; 1.0.0.114, DM200 versiones \u0026lt; 1.0.0.66, EAX20 versiones \u0026lt; 1.0.0.36, EAX80 versiones \u0026lt; 1.0.1.62, EX2700 versiones \u0026lt; 1.0.1.58, EX3110 versiones \u0026lt; 1.0.1.68, EX3700 versiones \u0026lt; 1.0.0.84, EX3800 versiones \u0026lt; 1.0.0.84, EX3920 versiones \u0026lt; 1.0.0.84, EX6000 versiones \u0026lt; 1.0.0.44, EX6100v2 versiones \u0026lt; 1.0.1.94, EX6110 versiones \u0026lt; 1.0.1.68, EX6120 versiones \u0026lt; 1.0. 0.54, EX6130 versiones \u0026lt; 1.0.0.36, EX6150v1 versiones \u0026lt; 1.0.0.46, EX6150v2 versiones \u0026lt; 1.0.1.94, EX6200v1 versiones \u0026lt; 1.0.3.94, EX6250 versiones \u0026lt; 1.0.0.128, EX6400 versiones \u0026lt; 1.0.2.152, EX6400v2 versiones \u0026lt; 1.0.0.128, EX6410 versiones \u0026lt; 1.0.0.128, EX6920 versiones \u0026lt; 1.0.0.54, EX7000 versiones \u0026lt; 1.0.1.90, EX7300 versiones \u0026lt; 1.0.2.152, EX7300v2 versiones \u0026lt; 1.0.0.128, EX7320 versiones \u0026lt; 1.0.0.128, EX7500 versiones \u0026lt; 1.0.0.68, EX7700 versiones \u0026lt; 1.0.0.210, EX8000 antes e 1.0.1.224, MK62 versiones \u0026lt; 1.0.5.102, MR60 versiones \u0026lt; 1.0.5.102, MS60 versiones \u0026lt; 1.0.5.102, R6120 versiones \u0026lt; 1.0.0.70, R6220 versiones \u0026lt; 1.1.0.100, R6230 versiones \u0026lt; 1.1.0.100, R6250 versiones \u0026lt; 1.0.4.42, R6260 versiones \u0026lt; 1.1 .0.76, R6300v2 versiones \u0026lt; 1.0.4.42, R6330 versiones \u0026lt; 1.1.0.76, R6350 versiones \u0026lt; 1.1.0.76, R6400v1 versiones \u0026lt; 1.0.1.62, R6400v2 versiones \u0026lt; 1.0.4.98, R6700v1 versiones \u0026lt; 1.0.2.16, R6700v2 versiones \u0026lt; 1.2.0.72, R6700v3 versiones \u0026lt; 1.0.4.98, R6800 versiones \u0026lt; 1.2.0.72, R6800 antes 1.2.0.72, R6850 versiones \u0026lt; 1.1.0.76, R6900 versiones \u0026lt; 1.0.2.16, R6900P versiones \u0026lt; 1.3.2.124, R6900v2 versiones \u0026lt; 1.2.0.72, R7000 versiones \u0026lt; 1.0.11.106, R7000P versiones \u0026lt; 1.3.2.124, R7100LG versiones \u0026lt; 1.0.0.56, R7200 versiones \u0026lt; 1.2. 0.72, R7350 versiones \u0026lt; 1.2.0.72, R7400 versiones \u0026lt; 1.2.0.72, R7450 versiones \u0026lt; 1.2.0.72, R7500v2 versiones \u0026lt; 1.0.3.48, R7800 versiones \u0026lt; 1.0.2.74, R7850 versiones \u0026lt; 1.0.5.60, R7900 versiones \u0026lt; 1.0.4.26, R7900P versiones \u0026lt; 1.4.1.62, R7960P versiones \u0026lt; 1.4.1.62, R8000 versiones \u0026lt; 1.0.4.58, R8000P versiones \u0026lt; 1.4.1.62, R8300 versiones \u0026lt; 1.0.2.134, R8500 versiones \u0026lt; 1.0.2.134, R8900 versiones \u0026lt; 1.0.5.24, R9000 versiones \u0026lt; 1.0.5.24, RAX120 versiones \u0026lt; 1.0.1.136, RAX15 versiones \u0026lt; 1.0.1.64, RAX20 versiones \u0026lt; 1.0.1.64, RAX200 versiones \u0026lt; 1.0.5.24, RAX35 versiones \u0026lt; 1.0.3.80, RAX40 versiones \u0026lt; 1.0.3.80, RAX45 versiones \u0026lt; 1.0.2.64, RAX50 versiones \u0026lt; 1.0.2.64, RAX75 versiones \u0026lt; 1.0.3.102, RAX80 versiones \u0026lt; 1.0. 3.102, RB K12 versiones \u0026lt; 2.6.1.44, RBR10 versiones \u0026lt; 2.6.1.44, RBS10 versiones \u0026lt; 2.6.1.44, RBK20 versiones \u0026lt; 2.6.1.38, RBR20 versiones \u0026lt; 2.6.1.36, RBS20 versiones \u0026lt; 2.6.1.38, RBK40 versiones \u0026lt; 2.6.1.38, RBR40 versiones \u0026lt; 2.6.1.38, RBS40 antes 2.6.1.38, RBK50 versiones \u0026lt; 2.6.1.40, RBR50 versiones \u0026lt; 2.6.1.40, RBS50 versiones \u0026lt; 2.6.1.40, RBK752 versiones \u0026lt; 3.2.16.6, RBR750 versiones \u0026lt; 3.2.16.6, RBS750 versiones \u0026lt; 3.2.16.6, RBK842 versiones \u0026lt; 3.2.16.6, RBR840 versiones \u0026lt; 3.2. 16.6, RBS840 versiones \u0026lt; 3.2.16.6, RBK852 versiones \u0026lt; 3.2.16.6, RBR850 versiones \u0026lt; 3.2.16.6, RBS850 versiones \u0026lt; 3.2.16.6, RBS40V versiones \u0026lt; 2.5.1.6, RBS40V-200 versiones \u0026lt; 1.0.0.46, RBS50Y versiones \u0026lt; 2.6.1.40, RBW30 versiones \u0026lt; 2.5. 0.4, RS400 versiones \u0026lt; 1.5.0.48, WN2500RPv2 versiones \u0026lt; 1.0.1.56, WN3000RPv3 versiones \u0026lt; 1.0.2.86, WN3500RPv1 versiones \u0026lt; 1.0.0.28, WNDR3400v3 versiones \u0026lt; 1.0.1.32, WNR1000v3 versiones \u0026lt; 1.0.2.78, WNR2000v2 versiones \u0026lt; 1.2.0.12, XR30"
}
],
"id": "CVE-2020-35800",
"lastModified": "2024-11-21T05:28:08.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 9.7,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 9.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-30T00:15:14.410",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062733/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062733/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0112"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-28 19:15
Modified
2024-11-21 05:00
Severity ?
Summary
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.netgear.com/about/security/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.netgear.com/about/security/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | r6120_firmware | * | |
| netgear | r6120 | - | |
| netgear | r6220_firmware | * | |
| netgear | r6220 | - | |
| netgear | r6350_firmware | * | |
| netgear | r6350 | - | |
| netgear | r6400_firmware | * | |
| netgear | r6400 | - | |
| netgear | r6400_firmware | * | |
| netgear | r6400 | v2 | |
| netgear | r6800_firmware | * | |
| netgear | r6800 | - | |
| netgear | r6850_firmware | * | |
| netgear | r6850 | - | |
| netgear | r7000p_firmware | * | |
| netgear | r7000p | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8000_firmware | * | |
| netgear | r8000 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | rax120_firmware | * | |
| netgear | rax120 | - | |
| netgear | rbr20_firmware | * | |
| netgear | rbr20 | - | |
| netgear | xr300_firmware | * | |
| netgear | xr300 | - | |
| netgear | xr500_firmware | * | |
| netgear | xr500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "564A93D7-7E58-49AB-8C3C-6DD889CC55F6",
"versionEndIncluding": "v1.0.11.100_10.2.100",
"versionStartIncluding": "v1.0.9.6_1.2.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2CCD-424F-41D5-919B-E22B9FA68D36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB936E4-0C1E-4030-B01A-5995DEC7CC69",
"versionEndIncluding": "v1.0.11.100_10.2.100",
"versionStartIncluding": "v1.0.9.6_1.2.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA36C0FA-64FA-4D7D-8E05-5C9DB444FD75",
"versionEndIncluding": "v1.0.11.100_10.2.100",
"versionStartIncluding": "v1.0.9.6_1.2.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B302909-29CF-4E53-9CCB-8664D3FCB03A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "046FEBD8-BFA0-42EC-8549-629A87F812AD",
"versionEndIncluding": "v1.0.11.100_10.2.100",
"versionStartIncluding": "v1.0.9.6_1.2.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "046FEBD8-BFA0-42EC-8549-629A87F812AD",
"versionEndIncluding": "v1.0.11.100_10.2.100",
"versionStartIncluding": "v1.0.9.6_1.2.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83EAF917-6EAC-4812-9A73-33171F0FCA9B",
"versionEndIncluding": "v1.0.11.100_10.2.100",
"versionStartIncluding": "v1.0.9.6_1.2.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C062A3-4586-488F-A297-2F4A35E79414",
"versionEndIncluding": "v1.0.11.100_10.2.100",
"versionStartIncluding": "v1.0.9.6_1.2.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25BF9DB3-8F6E-474D-A41E-654FEE84F46A",
"versionEndIncluding": "v1.0.11.100_10.2.100",
"versionStartIncluding": "v1.0.9.6_1.2.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBAC8B95-4753-4D4B-91E1-A45E74F854D5",
"versionEndIncluding": "v1.0.11.100_10.2.100",
"versionStartIncluding": "v1.0.9.6_1.2.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17CF7445-6950-45FE-9D1A-E23F63316329",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06D5473F-42E2-498A-ACD9-A0541FCC6E78",
"versionEndIncluding": "v1.0.11.100_10.2.100",
"versionStartIncluding": "v1.0.9.6_1.2.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE4FF13-CB32-424F-AAB3-D244E774C5C2",
"versionEndIncluding": "v1.0.11.100_10.2.100",
"versionStartIncluding": "v1.0.9.6_1.2.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFF41D3-8423-40A5-8C74-EA8342543F65",
"versionEndIncluding": "v1.0.11.100_10.2.100",
"versionStartIncluding": "v1.0.9.6_1.2.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1742BD56-84E4-40E1-8C04-098B3715161E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B52D987-0770-437B-BADD-B848CEC9BB31",
"versionEndIncluding": "v1.0.11.100_10.2.100",
"versionStartIncluding": "v1.0.9.6_1.2.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E20F0919-D53E-4E78-B826-A58F46023FD2",
"versionEndIncluding": "v1.0.11.100_10.2.100",
"versionStartIncluding": "v1.0.9.6_1.2.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5590CF28-B88A-4755-904B-1BC1778FBEDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6EFE8E-B700-4367-A1D9-5301B22F94DE",
"versionEndIncluding": "v1.0.11.100_10.2.100",
"versionStartIncluding": "v1.0.9.6_1.2.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una falta de comprobaci\u00f3n del certificado SSL. Esto afecta a R7000 versiones 1.0.9.6_1.2.19 hasta 1.0.11.100_10.2.10, y posiblemente a R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500 y R7000P."
}
],
"id": "CVE-2020-13245",
"lastModified": "2024-11-21T05:00:51.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-28T19:15:10.830",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.netgear.com/about/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.netgear.com/about/security/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-30 00:15
Modified
2024-11-21 05:28
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D7800 before 1.0.1.58, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RS400 before 1.5.0.48, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C1280B1-A2DF-4CAB-AB19-6B463206AA3D",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76C658A4-BF82-40CE-A5E1-C9F3DA1A9B0B",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B25A18F-DD96-45FE-B098-71E60CB0FFFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3A6655-B468-46FB-84D7-2294D4243C91",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFCD9A8-1846-48C4-9F14-3866E983FB74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cbk40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C3B3284-B11F-4752-9C6A-0B5BECA3DB2B",
"versionEndExcluding": "2.5.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cbk40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E526746E-1ED6-492E-B28C-A1CA8235D9FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B05686E-7206-4E3B-BDBD-05C8EA6CABB5",
"versionEndExcluding": "2.5.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACEAC1F2-EEAE-4880-B6C0-FFAAA29685F1",
"versionEndExcluding": "1.0.1.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA2D4987-3726-4A72-8D32-592F59FAC46D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:eax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62EFA314-85C0-48CC-938E-E2BF42B16746",
"versionEndExcluding": "1.0.0.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:eax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D3B54B-33C0-4E50-AD2B-2097C612F288",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:eax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EE6BC6-DEDA-4005-9E29-D66D0BC7E5C2",
"versionEndExcluding": "1.0.1.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:eax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97740F5D-063E-424F-A0FE-09EBE1100975",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex7500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B59B0C17-2714-48E8-8911-E72488CE32E3",
"versionEndExcluding": "1.0.0.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex7500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44336289-F9DA-4779-8C1A-0221E29E2E2F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7658849-0743-487B-803F-D49680EDF185",
"versionEndExcluding": "1.0.5.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mk62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69A79475-37BE-47BD-A629-DCEF22500B0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E18CCBB-46CD-423D-AA66-36F223EFD6E6",
"versionEndExcluding": "1.0.5.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07A1D7A9-29E9-4B1D-90DB-24E0967C9BC7",
"versionEndExcluding": "1.0.5.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F003F064-591C-4D7C-9EC4-D0E553BC6683",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F898DC9-9250-47DF-844C-F7308365135B",
"versionEndExcluding": "1.0.0.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2CCD-424F-41D5-919B-E22B9FA68D36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79B24229-6AC2-489D-B542-4DAA7E630180",
"versionEndExcluding": "1.1.0.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B5B842D-2275-4968-997B-A70A67CBDBEC",
"versionEndExcluding": "1.1.0.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C91CADFA-59DB-4B6C-A914-848884F4A4BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23D4F7E6-C042-434E-87B8-55DB18B08B0A",
"versionEndExcluding": "1.1.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6524B85E-23AC-4983-8331-96E12899B773",
"versionEndExcluding": "1.1.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D621D26D-B144-424A-A9CB-19488399ACC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F105F6F-ECD3-411D-924E-94BCF036C1EA",
"versionEndExcluding": "1.1.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B302909-29CF-4E53-9CCB-8664D3FCB03A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "478CE991-5E30-438D-94B0-0E15A29E27BD",
"versionEndExcluding": "1.0.1.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E32C097-6EDF-4C81-A375-028DB67B6231",
"versionEndExcluding": "1.0.4.98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE6B3A8-0601-44EA-AD9B-3BDDE6654FDF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19D625E4-17F4-44EF-9A51-DA0BAD4835F2",
"versionEndExcluding": "1.0.2.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21B27F11-4262-4CE1-8107-B365A7C152F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5AB644-B80D-48A3-B794-C483FEFAFDED",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9793286-86D2-43BF-B9B8-823C05BCAE4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCFD041-9413-4E37-8C4D-F50D1B10582B",
"versionEndExcluding": "1.0.4.98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C88DA385-5FAE-49EC-80D6-78F81E7EEC16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8956A99-1071-42A7-8984-D7134E755CBF",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3408536D-FC77-48C5-AD15-C5A170D7417C",
"versionEndExcluding": "1.1.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61DE3850-1661-43D1-9E52-31E2E01979EE",
"versionEndExcluding": "1.3.2.124",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D59AC0-2859-46C0-B050-3BB8E3E9CB06",
"versionEndExcluding": "1.0.2.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0794BB7C-1BCF-4F08-8EB2-9C3B150C105A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02672757-31FD-4338-AF2C-63FD1D7C1A19",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FC6398-60A5-4003-A294-C96AE6DBCED5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D208F2CA-DB20-4C82-8FFF-B99EBFE29713",
"versionEndExcluding": "1.0.11.106",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6F506A-464D-4BDE-8F9B-D537D3C7E137",
"versionEndExcluding": "1.3.2.124",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02279B20-D951-46CE-B339-452BC585A4F3",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECB83F9-D417-4FD3-B293-87BC177E3AEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B452611A-43C5-401B-95BD-189020B5C65C",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1A65C-F10F-4C52-8B6D-69992E512EB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "237C68C0-C2A9-4F71-9E08-547F2A317CBC",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63697E3A-AAA3-42E7-8116-93C6548D3AB7",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C393DBF4-8281-4611-B591-CDB9DF0AA958",
"versionEndExcluding": "1.0.2.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17CF7445-6950-45FE-9D1A-E23F63316329",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4171EB00-3664-43D5-9B62-A3538C358142",
"versionEndExcluding": "1.0.5.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9800CB2-C14A-406B-B1FF-B1B62862EBDB",
"versionEndExcluding": "1.0.4.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C484840F-AF30-4B5C-821A-4DB9BE407BDB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44537647-E0B2-477D-98A5-7EA850BF3321",
"versionEndExcluding": "1.4.1.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8D0327-0A72-44EC-9CC2-6CAF6A0C08B2",
"versionEndExcluding": "1.4.1.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F030129E-95C6-4C31-92A6-DABCDC1B534B",
"versionEndExcluding": "1.0.4.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B377E02-0228-4A2F-90F3-A82E7E964B37",
"versionEndExcluding": "1.4.1.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57314D03-64B1-4973-9D36-5D22A71DBCBB",
"versionEndExcluding": "1.0.5.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F859165-8D89-4CDD-9D48-9C7923D2261F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCE56F2-5A45-4B31-99EF-1D8455C71E5C",
"versionEndExcluding": "1.0.5.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B697A877-214C-4701-AA9B-FE9C23FDBCEB",
"versionEndExcluding": "1.0.1.136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1742BD56-84E4-40E1-8C04-098B3715161E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5225D5-96AD-43EE-BAA3-37B7FEF97E86",
"versionEndExcluding": "1.0.1.64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33505A97-35DB-4EFD-9D47-EA03057C8FFD",
"versionEndExcluding": "1.0.1.64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49D5D1E8-637A-4970-8753-6A3FCA8FAC64",
"versionEndExcluding": "1.0.2.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A3B894E-E712-477A-9960-30AFAB2C35CF",
"versionEndExcluding": "1.0.2.64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A71AE85C-74C4-42C1-BF54-89B6EC38C707",
"versionEndExcluding": "1.0.2.64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADDF0077-E02C-4DDA-A84E-DF3A0237FC66",
"versionEndExcluding": "1.0.3.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81DF924F-FDA4-4588-B8A3-6F18ABBD4976",
"versionEndExcluding": "1.0.3.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC30751-F447-45A7-8C57-B73042869EA5",
"versionEndExcluding": "2.6.1.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5465A78-4826-4F72-9CBE-528CBF286A79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8246B8D3-8455-43B1-B0FA-F677B8FF84F5",
"versionEndExcluding": "2.6.1.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28DA498C-B466-422E-BAD2-A1F9A15B157F",
"versionEndExcluding": "2.6.1.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32BAB5C0-F645-4A90-833F-6345335FA1AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E72FDDB4-0802-467B-A255-06C8CE1A0B92",
"versionEndExcluding": "2.6.1.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6C9F31C-3E12-4787-9C9B-14883D9D152A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C80BEFF8-7094-4F21-B9E7-EE5C8B9DF3B3",
"versionEndExcluding": "2.6.1.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04F03BE5-1440-4BC4-B902-97E702ED0ADF",
"versionEndExcluding": "2.6.1.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09631703-25CD-40CB-80A8-AADD43939507",
"versionEndExcluding": "2.6.1.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E21623E-9977-486F-93B1-858FC407E9D1",
"versionEndExcluding": "2.6.1.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E20E59-2B1E-4E43-A494-2C20FD716D4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A32769CF-7D0A-4A3F-AF20-6202CA0C6870",
"versionEndExcluding": "2.6.1.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FDCDE39-0355-43B9-BF57-F3718DA2988D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E3BFCB-BFF8-4722-BE48-5FA93CACD3AD",
"versionEndExcluding": "2.6.1.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA66D07-D017-49D6-8E72-5C48E940DE1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39D6318D-F5A2-4469-B508-075F2825F0FA",
"versionEndExcluding": "2.6.1.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F44708A-C946-4E0F-9D6C-A91AFB4C9EF3",
"versionEndExcluding": "2.6.1.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD03FFF-ECAF-4527-A195-559DF479A0F2",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A45832BD-114D-42F1-B9F1-7532496D30A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05A46FA9-5DC8-4408-B4C2-AD5F1CABE7C1",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C13F5C69-FA9B-472A-9036-0C2967BDCDE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C144D71-6C10-44CD-BFF9-907A92F0432C",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B529194C-C440-4BC3-850F-0613FC548F86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk842_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5C6DF5F-FEFB-4A30-87CC-379E726AE181",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk842:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9B19B2-5FF1-4C85-8504-C33C34F072B1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr840_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "451C5603-927A-4EB9-BF9D-150FE16A48F8",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4489CB05-A1C0-408C-8D8C-56EE98CA20E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs840_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B22B149-BD16-42A0-BB1D-DEF483F6B5E1",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84AEA27B-8BEA-4E83-819A-FDAC1881928F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B66A716A-7EC5-4F9B-853A-36C0D1AA3BFE",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14F257FE-31CE-4F74-829D-29407D74ADF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE13548D-0A26-45C1-8424-D4705EB105EA",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D92E4C8E-222A-476C-8273-F7171FC61F0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "041D94DE-78C9-475C-9FAE-0B081C69B55F",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "221CA950-E984-44CD-9E1B-3AADE3CEBE52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "921A8CFC-D86E-4674-998E-31F4F956B5DC",
"versionEndExcluding": "1.5.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D71EDB94-370B-46C3-A14E-3F3FB130DD49",
"versionEndExcluding": "1.0.3.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5590CF28-B88A-4755-904B-1BC1778FBEDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "051E8D2A-0EB0-43A7-9AAA-8519B8CC7FE0",
"versionEndExcluding": "2.3.2.66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BCFB551-95C6-4EEF-83F0-4246F67E6668",
"versionEndExcluding": "2.3.2.66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89AB672D-DD24-483E-B69D-7E46AF199483",
"versionEndExcluding": "1.0.1.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E12892C8-5E01-49A6-BF47-09D630377093",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D7800 before 1.0.1.58, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RS400 before 1.5.0.48, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por un desbordamiento del b\u00fafer por parte de un atacante no autenticado.\u0026#xa0;Esto afecta a AC2100 versiones anteriores a 1.2.0.72, AC2400 versiones anteriores a 1.2.0.72, AC2600 versiones anteriores a 1.2.0.72, CBK40 versiones anteriores a 2.5.0.10, CBR40 versiones anteriores a 2.5.0.10, D7800 versiones anteriores a 1.0.1.58, EAX20 versiones anteriores a 1.0.0.36, EAX80 versiones anteriores a 1.0.1.62, EX7500 versiones anteriores a 1.0.0.68, MK62 versiones anteriores a 1.0.5.102, MR60 versiones anteriores a 1.0.5.102, MS60 versiones anteriores a 1.0.5.102, R6120 versiones anteriores a 1.0.0.70, R6220 versiones anteriores a 1.1.0.100, R6230 versiones anteriores a 1.1.0.100, R6260 versiones anteriores a 1.1.0.76, R6330 versiones anteriores a 1.1.0.76, R6350 versiones anteriores a 1.1.0.76, R6400 versiones anteriores a 1.0.1.62, R6400v2 versiones anteriores a 1.0.4.98, R6700 versiones anteriores a 1.0.2.16, R6700v2 versiones anteriores a 1.2.0.72, R6700v3 versiones anteriores a 1.0.4.98, R6800 versiones anteriores a 1.2.0.72, R6850 versiones anteriores a 1.1. 0.76, R6900P versiones anteriores a 1.3.2.124, R6900 versiones anteriores a 1.0.2.16, R6900v2 versiones anteriores a 1.2.0.72, R7000 versiones anteriores a 1.0.11.106, R7000P versiones anteriores a 1.3.2.124, R7200 versiones anteriores a 1.2.0.72, R7350 versiones anteriores a 1.2.0.72, R7400 versiones anteriores a 1.2.0.72, R7450 versiones anteriores a 1.2.0.72, R7800 versiones anteriores a 1.0.2.74, R7850 versiones anteriores a 1.0.5.60, R7900 versiones anteriores a 1.0.4.26, R7900P versiones anteriores a 1.4.1.62, R7960P versiones anteriores a 1.4.1.62, R8000 versiones anteriores a 1.0.4.58, R8000P versiones anteriores a 1.4.1.62, R8900 versiones anteriores a 1.0.5.24, R9000 versiones anteriores a 1.0.5.24, RAX120 versiones anteriores a 1.0.1.136, RAX15 versiones anteriores a 1.0.1.64, RAX20 versiones anteriores a 1.0.1.64, RAX200 versiones anteriores a 1.0. 2.102, RAX45 versiones anteriores a 1.0.2.64, RAX50 versiones anteriores a 1.0.2.64, RAX75 versiones anteriores a 1.0.3.102, RAX80 versiones anteriores a 1.0.3.102, RBK12 versiones anteriores a 2.6.1.44, RBR10 versiones anteriores a 2.6.1.44, RBS10 versiones anteriores a 2.6.1.44, RBK20 versiones anteriores a 2.6.1.38, RBR20 versiones anteriores a 2.6.1.36, RBS20 versiones anteriores a 2.6.1.38, RBK40 versiones anteriores a 2.6.1.38, RBR40 versiones anteriores a 2.6.1.36, RBS40 versiones anteriores a 2.6.1.38, RBK50 versiones anteriores a 2.6.1.40, RBR50 versiones anteriores a 2.6.1.40, RBS50 versiones anteriores a 2.6.1.40, RBK752 versiones anteriores a 3.2.16.6, RBR750 versiones anteriores a 3.2.16.6, RBS750 versiones anteriores a 3.2.16.6, RBK752 versiones anteriores a 3.2.16.6, RBR750 versiones anteriores a 3.2.16.6, RBS750 versiones anteriores a 3.2.16.6, RBK842 versiones anteriores a 3.2.16.6, RBR840 versiones anteriores a 3.2.16.6, RBS840 versiones anteriores a 3.2. 16.6, RBK852 versiones anteriores a 3. 2.16.6, RBR850 versiones anteriores a 3.2.16.6, RBS850 versiones anteriores a 3.2.16.6, RS400 versiones anteriores a 1.5.0.48, XR300 versiones anteriores a 1.0.3.50, XR450 versiones anteriores a 2.3.2.66, XR500 versiones anteriores a 2.3.2.66 y XR700 versiones anteriores a 1.0.1.34."
}
],
"id": "CVE-2020-35795",
"lastModified": "2024-11-21T05:28:07.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-30T00:15:14.080",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062735/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062735/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0154"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-11 00:17
Modified
2024-11-21 06:17
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6200_firmware | * | |
| netgear | d6200 | - | |
| netgear | d7000_firmware | * | |
| netgear | d7000 | - | |
| netgear | r6020_firmware | * | |
| netgear | r6020 | - | |
| netgear | r6080_firmware | * | |
| netgear | r6080 | - | |
| netgear | r6120_firmware | * | |
| netgear | r6120 | - | |
| netgear | r6260_firmware | * | |
| netgear | r6260 | - | |
| netgear | r6700_firmware | * | |
| netgear | r6700 | v2 | |
| netgear | r6800_firmware | * | |
| netgear | r6800 | - | |
| netgear | r6900_firmware | * | |
| netgear | r6900 | v2 | |
| netgear | r6850_firmware | * | |
| netgear | r6850 | - | |
| netgear | r7200_firmware | * | |
| netgear | r7200 | - | |
| netgear | r7350_firmware | * | |
| netgear | r7350 | - | |
| netgear | r7400_firmware | * | |
| netgear | r7400 | - | |
| netgear | r7450_firmware | * | |
| netgear | r7450 | - | |
| netgear | ac2100_firmware | * | |
| netgear | ac2100 | - | |
| netgear | ac2400_firmware | * | |
| netgear | ac2400 | - | |
| netgear | ac2600_firmware | * | |
| netgear | ac2600 | - | |
| netgear | rax35_firmware | * | |
| netgear | rax35 | - | |
| netgear | rax40_firmware | * | |
| netgear | rax40 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59BF957E-F3B6-41A5-A36C-8C0CF3B417D0",
"versionEndExcluding": "1.1.00.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d6200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00E6A1B7-4732-4259-9B71-10FF0B56A16B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C539CF50-2AC3-45F9-8F69-FA2F50FAD92D",
"versionEndExcluding": "1.0.1.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF04B65B-9685-4595-9C71-0F77AD7109BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC58A4B-E061-49ED-BB2D-E0497846DBEE",
"versionEndExcluding": "1.0.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DDA7ABF-4C4B-4945-993A-F93BD8FCB55E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9D1B97-7FF8-45D9-BFD6-72554BBB6008",
"versionEndExcluding": "1.0.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEB5C49-53CF-44AE-9A7D-E7E6201BFE62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B373C515-681A-4D80-9BFD-5E2DFD6F2DF0",
"versionEndExcluding": "1.0.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2CCD-424F-41D5-919B-E22B9FA68D36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33824B9B-1224-484A-AFF4-953573F299C6",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0FCF958-2F6A-4B79-B307-2FE23B7CE8FC",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9706E6-CA53-43E4-91B0-D52655C86860",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA434604-4916-4830-A96B-CEC0C8E5A1A0",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9457F1-F5E8-43CA-8697-3849E140B0CC",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E8EB69B-6619-47B6-A073-D0B840D4EB0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "612DAD20-761D-41D5-A6AB-AA9975847D34",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D95583A-EC79-41FF-9496-DAB19A1A34DB",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECB83F9-D417-4FD3-B293-87BC177E3AEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53B1B947-2E36-463C-848F-C5F5C0A5ECAF",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1A65C-F10F-4C52-8B6D-69992E512EB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A188F6E-5296-4511-97F2-9328B1E1F6CF",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33043216-4563-4195-88D7-93446302ECD1",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB0B236-6BC6-4E99-8792-6B01BD591D3A",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B01C772-D1D4-41F1-A33D-72A6A672502A",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B25A18F-DD96-45FE-B098-71E60CB0FFFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA359610-21DC-41C4-9430-8406B34490EB",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFCD9A8-1846-48C4-9F14-3866E983FB74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD29688A-89F2-49A5-B9D9-6AFC0EA6CB49",
"versionEndExcluding": "1.0.3.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax35:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4201E4D6-4DDF-4EF3-902A-960DFFF7C9A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B269F15-F70A-4F6C-90AD-025EBB497C1B",
"versionEndExcluding": "1.0.3.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13D54346-4B03-4296-B050-04EB8CFCA732",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por un ataque de tipo XSS almacenado. Esto afecta a D6200 versiones anteriores a 1.1.00.40, D7000 versiones anteriores a 1.0.1.78, R6020 versiones anteriores a 1.0.0.48, R6080 versiones anteriores a 1.0.0.48, R6120 versiones anteriores a 1.0.0.76, R6260 versiones anteriores a 1.1.0.78, R6700v2 versiones anteriores a 1.2.0.76, R6800 versiones anteriores a 1.2.0.76, R6900v2 versiones anteriores a 1.2.0. 76, R6850 versiones anteriores a 1.1.0.78, R7200 versiones anteriores a 1.2.0.76, R7350 versiones anteriores a 1.2.0.76, R7400 versiones anteriores a 1.2.0.76, R7450 versiones anteriores a 1.2.0.76, AC2100 versiones anteriores a 1.2.0.76, AC2400 versiones anteriores a 1.2.0.76, AC2600 versiones anteriores a 1.2.0.76, RAX35 versiones anteriores a 1.0.3.62 y RAX40 versiones anteriores a 1.0.3.62"
}
],
"id": "CVE-2021-38535",
"lastModified": "2024-11-21T06:17:22.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.7,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-11T00:17:26.993",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000063773/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000063773/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0192"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-11 00:17
Modified
2024-11-21 06:17
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6200_firmware | * | |
| netgear | d6200 | - | |
| netgear | d7000_firmware | * | |
| netgear | d7000 | - | |
| netgear | r6020_firmware | * | |
| netgear | r6020 | - | |
| netgear | r6080_firmware | * | |
| netgear | r6080 | - | |
| netgear | r6120_firmware | * | |
| netgear | r6120 | - | |
| netgear | r6260_firmware | * | |
| netgear | r6260 | - | |
| netgear | r6700_firmware | * | |
| netgear | r6700 | v2 | |
| netgear | r6800_firmware | * | |
| netgear | r6800 | - | |
| netgear | r6900_firmware | * | |
| netgear | r6900 | v2 | |
| netgear | r6850_firmware | * | |
| netgear | r6850 | - | |
| netgear | r7200_firmware | * | |
| netgear | r7200 | - | |
| netgear | r7350_firmware | * | |
| netgear | r7350 | - | |
| netgear | r7400_firmware | * | |
| netgear | r7400 | - | |
| netgear | r7450_firmware | * | |
| netgear | r7450 | - | |
| netgear | ac2100_firmware | * | |
| netgear | ac2100 | - | |
| netgear | ac2400_firmware | * | |
| netgear | ac2400 | - | |
| netgear | ac2600_firmware | * | |
| netgear | ac2600 | - | |
| netgear | rax35_firmware | * | |
| netgear | rax35 | - | |
| netgear | rax40_firmware | * | |
| netgear | rax40 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59BF957E-F3B6-41A5-A36C-8C0CF3B417D0",
"versionEndExcluding": "1.1.00.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d6200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00E6A1B7-4732-4259-9B71-10FF0B56A16B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C539CF50-2AC3-45F9-8F69-FA2F50FAD92D",
"versionEndExcluding": "1.0.1.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF04B65B-9685-4595-9C71-0F77AD7109BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC58A4B-E061-49ED-BB2D-E0497846DBEE",
"versionEndExcluding": "1.0.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DDA7ABF-4C4B-4945-993A-F93BD8FCB55E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9D1B97-7FF8-45D9-BFD6-72554BBB6008",
"versionEndExcluding": "1.0.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEB5C49-53CF-44AE-9A7D-E7E6201BFE62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC964EED-3452-4D6F-8603-0A28988282FA",
"versionEndExcluding": "1.0.0.66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2CCD-424F-41D5-919B-E22B9FA68D36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33824B9B-1224-484A-AFF4-953573F299C6",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0FCF958-2F6A-4B79-B307-2FE23B7CE8FC",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9706E6-CA53-43E4-91B0-D52655C86860",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA434604-4916-4830-A96B-CEC0C8E5A1A0",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9457F1-F5E8-43CA-8697-3849E140B0CC",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E8EB69B-6619-47B6-A073-D0B840D4EB0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "612DAD20-761D-41D5-A6AB-AA9975847D34",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D95583A-EC79-41FF-9496-DAB19A1A34DB",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECB83F9-D417-4FD3-B293-87BC177E3AEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53B1B947-2E36-463C-848F-C5F5C0A5ECAF",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1A65C-F10F-4C52-8B6D-69992E512EB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A188F6E-5296-4511-97F2-9328B1E1F6CF",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33043216-4563-4195-88D7-93446302ECD1",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB0B236-6BC6-4E99-8792-6B01BD591D3A",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B01C772-D1D4-41F1-A33D-72A6A672502A",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B25A18F-DD96-45FE-B098-71E60CB0FFFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA359610-21DC-41C4-9430-8406B34490EB",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFCD9A8-1846-48C4-9F14-3866E983FB74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD29688A-89F2-49A5-B9D9-6AFC0EA6CB49",
"versionEndExcluding": "1.0.3.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax35:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4201E4D6-4DDF-4EF3-902A-960DFFF7C9A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B269F15-F70A-4F6C-90AD-025EBB497C1B",
"versionEndExcluding": "1.0.3.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13D54346-4B03-4296-B050-04EB8CFCA732",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por un ataque de tipo XSS almacenado. Esto afecta a D6200 versiones anteriores a 1.1.00.40, D7000 versiones anteriores a 1.0.1.78, R6020 versiones anteriores a 1.0.0.48, R6080 versiones anteriores a 1.0.0.48, R6120 versiones anteriores a 1.0.0.66, R6260 versiones anteriores a 1.1.0.78, R6700v2 versiones anteriores a 1.2.0.76, R6800 versiones anteriores a 1.2.0.76, R6900v2 versiones anteriores a 1.2.0. 76, R6850 versiones anteriores a 1.1.0.78, R7200 versiones anteriores a 1.2.0.76, R7350 versiones anteriores a 1.2.0.76, R7400 versiones anteriores a 1.2.0.76, R7450 versiones anteriores a 1.2.0.76, AC2100 versiones anteriores a 1.2.0.76, AC2400 versiones anteriores a 1.2.0.76, AC2600 versiones anteriores a 1.2.0.76, RAX35 versiones anteriores a 1.0.3.62 y RAX40 versiones anteriores a 1.0.3.62"
}
],
"id": "CVE-2021-38536",
"lastModified": "2024-11-21T06:17:22.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.7,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-11T00:17:31.773",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000063774/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000063774/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0193"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-11 00:15
Modified
2024-11-21 06:17
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 before 1.0.0.108, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.40, R6850 before 1.1.0.40, R6350 before 1.1.0.40, R6400v2 before 1.0.2.62, R6700v3 before 1.0.2.62, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7000 before 1.0.9.34, R6900P before 1.3.1.44, R7000P before 1.3.1.44, R7100LG before 1.0.0.48, R7200 before 1.2.0.48, R7350 before 1.2.0.48, R7400 before 1.2.0.48, R7450 before 1.2.0.36, AC2100 before 1.2.0.36, AC2400 before 1.2.0.36, AC2600 before 1.2.0.36, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, R7900 before 1.0.3.8, R7960P before 1.4.1.44, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RAX120 before 1.0.0.74, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, WNR3500Lv2 before 1.2.0.56, XR450 before 2.3.2.32, and XR500 before 2.3.2.32.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F36AC74-11DB-4805-9B73-302F86A8C240",
"versionEndExcluding": "1.0.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EEA190-2E9C-4586-BF81-B115532FBA23",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E84B61C3-54CA-4127-AE6B-E63AB51E0C85",
"versionEndExcluding": "1.0.0.82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D30939B-86E3-4C78-9B05-686B4994C8B9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A0D49BA-4843-4F7E-984A-FF7BDF292F56",
"versionEndExcluding": "1.0.0.52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7000:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "D8780623-F362-4FA5-8B33-37E9CB3FEE12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A6C9089-563D-4345-90C7-D2D512382BF1",
"versionEndExcluding": "1.0.1.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA2D4987-3726-4A72-8D32-592F59FAC46D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF302FA-84AA-4863-B30F-7E4364CD098C",
"versionEndExcluding": "1.0.3.43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "814A0114-9A1D-4EA0-9AF4-6968514E4F01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:dc112a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7587473-93CA-4998-9D73-0E936E425F23",
"versionEndExcluding": "1.0.0.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87FFC46-137D-45B8-B437-F15565FB33D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "373DD028-D307-4B4A-9C35-DDC9366F481F",
"versionEndExcluding": "1.0.0.108",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:dgn2200:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "099184A0-F1C6-4C3F-9C3B-F0B9AC0D4D14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9F2B44-4114-495A-B200-B703FDFC3F8F",
"versionEndExcluding": "2.3.0.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA66D07-D017-49D6-8E72-5C48E940DE1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A25B8627-D325-493B-8B7D-4F900334F0D8",
"versionEndExcluding": "2.3.0.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81ED6C61-2A7C-49EC-BD3D-466442EF715C",
"versionEndExcluding": "2.3.0.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "448D7EA1-A7BB-4AA5-8260-1D533D6A99AC",
"versionEndExcluding": "2.3.0.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6C9F31C-3E12-4787-9C9B-14883D9D152A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1525B9D0-B147-437D-ACAE-58819A1F4FC6",
"versionEndExcluding": "2.3.0.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4515F985-B714-480C-8FBA-2499A29F29FA",
"versionEndExcluding": "2.3.0.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC5263E-71E4-4B63-AD77-D1E72DC704B0",
"versionEndExcluding": "2.3.0.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D130E198-E9F5-4250-9C52-E39DF5C96711",
"versionEndExcluding": "2.3.0.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E20E59-2B1E-4E43-A494-2C20FD716D4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08426AC6-4811-43E8-87EB-204A2729C49B",
"versionEndExcluding": "2.3.0.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FDCDE39-0355-43B9-BF57-F3718DA2988D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "973CBC26-395C-407F-937B-4E9D2DBE282C",
"versionEndExcluding": "1.0.0.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DDA7ABF-4C4B-4945-993A-F93BD8FCB55E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38FE855A-C695-4D0B-98C8-1D09265F0092",
"versionEndExcluding": "1.0.0.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEB5C49-53CF-44AE-9A7D-E7E6201BFE62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A26A8815-5A8C-499B-8B30-90ADA47DA3C6",
"versionEndExcluding": "1.0.0.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2CCD-424F-41D5-919B-E22B9FA68D36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "220EBC67-69DA-43D6-8B09-EBEEEF29679D",
"versionEndExcluding": "1.1.0.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9466A450-0351-4B2D-B816-6A1B6F4F34B9",
"versionEndExcluding": "1.1.0.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C91CADFA-59DB-4B6C-A914-848884F4A4BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1DD1F7D-7556-4B95-A33F-E389948D20AA",
"versionEndExcluding": "1.0.4.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "321BE843-52C4-4638-A321-439CA7B3A6F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF20BDF1-ADE3-4C82-8E11-C720DA0BCD26",
"versionEndExcluding": "1.1.0.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0BC2E51-CD2D-43F2-B4BF-D2487673487D",
"versionEndExcluding": "1.1.0.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "256D5AB2-9B04-4569-84F3-ACA6B8283176",
"versionEndExcluding": "1.1.0.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B302909-29CF-4E53-9CCB-8664D3FCB03A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91532716-831D-401C-8707-86785F0A4E16",
"versionEndExcluding": "1.0.2.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73CE0588-37C3-48C1-B013-3277CCE4EF98",
"versionEndExcluding": "1.0.2.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A09A9E8-8C77-4EDB-9483-B3C540EF083A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4FB8A1-D380-4234-88EB-91BFF6D215C7",
"versionEndExcluding": "1.2.0.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9706E6-CA53-43E4-91B0-D52655C86860",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C39CE79-6433-47E2-A439-9AB1DFBD843C",
"versionEndExcluding": "1.2.0.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6992BA-B0F5-4E00-84F4-0B0336910AFA",
"versionEndExcluding": "1.2.0.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E8EB69B-6619-47B6-A073-D0B840D4EB0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E453D3AE-A218-4791-BB19-79C2CF6EC6F8",
"versionEndExcluding": "1.0.9.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52A6DEB2-3A33-4184-866D-9C8D9DD991C6",
"versionEndExcluding": "1.3.1.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90805FFE-E59D-43D2-BF1E-D55458CF05BF",
"versionEndExcluding": "1.3.1.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B484FA9-17B9-4829-9152-83691EE6A9BB",
"versionEndExcluding": "1.0.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366FA778-3C2A-42AF-9141-DAD7043B406C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC5CA05-2101-4C3A-9E04-D977EBEA9B0B",
"versionEndExcluding": "1.2.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECB83F9-D417-4FD3-B293-87BC177E3AEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E355B76-0211-452E-8A1B-F5C7B8CD4782",
"versionEndExcluding": "1.2.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1A65C-F10F-4C52-8B6D-69992E512EB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08D8DE61-6C45-48DC-9914-10CDB3273FFA",
"versionEndExcluding": "1.2.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "153A698C-B517-4B5B-B7AB-D2A50F461213",
"versionEndExcluding": "1.2.0.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E46DF93A-4331-4AC2-A45F-7A729441C395",
"versionEndExcluding": "1.2.0.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE12CDFB-D0CD-451A-A52F-90F907ADDAEF",
"versionEndExcluding": "1.2.0.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B25A18F-DD96-45FE-B098-71E60CB0FFFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38297D93-B613-4E6C-9C35-2C3A45E72A2F",
"versionEndExcluding": "1.2.0.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFCD9A8-1846-48C4-9F14-3866E983FB74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "536487B8-FF04-4526-BE91-44437256525C",
"versionEndExcluding": "1.0.3.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D54BE2-47EB-48F1-A6D0-FB0A2F5094C4",
"versionEndExcluding": "1.0.2.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17CF7445-6950-45FE-9D1A-E23F63316329",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "845CF217-8361-4D5B-811D-B9CEB68880CB",
"versionEndExcluding": "1.0.3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C484840F-AF30-4B5C-821A-4DB9BE407BDB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24B5561C-CB98-45BE-A39D-0C1CD8DFFA1A",
"versionEndExcluding": "1.4.1.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98FAEBDA-5FBA-402D-9BA1-25E5DF4EF55F",
"versionEndExcluding": "1.0.4.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BBB7E16-D31C-49EA-9D82-D3BACED95441",
"versionEndExcluding": "1.4.1.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6791754E-E5F9-42EA-AFDA-F93E8227A7C8",
"versionEndExcluding": "1.4.1.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F52E74FF-6E04-4F96-966C-4355B38CF4DE",
"versionEndExcluding": "1.0.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F859165-8D89-4CDD-9D48-9C7923D2261F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2110965C-E19B-48D2-954D-145C45D0E7EF",
"versionEndExcluding": "1.0.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79E7E940-B043-40A7-9347-331DF006656E",
"versionEndExcluding": "1.0.0.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1742BD56-84E4-40E1-8C04-098B3715161E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD03FFF-ECAF-4527-A195-559DF479A0F2",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A45832BD-114D-42F1-B9F1-7532496D30A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05A46FA9-5DC8-4408-B4C2-AD5F1CABE7C1",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C13F5C69-FA9B-472A-9036-0C2967BDCDE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C144D71-6C10-44CD-BFF9-907A92F0432C",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B529194C-C440-4BC3-850F-0613FC548F86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B66A716A-7EC5-4F9B-853A-36C0D1AA3BFE",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14F257FE-31CE-4F74-829D-29407D74ADF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE13548D-0A26-45C1-8424-D4705EB105EA",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D92E4C8E-222A-476C-8273-F7171FC61F0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "041D94DE-78C9-475C-9FAE-0B081C69B55F",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "221CA950-E984-44CD-9E1B-3AADE3CEBE52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr3500l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0960178A-5EC8-4C53-8AA2-060025782DC0",
"versionEndExcluding": "1.2.0.56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr3500l:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8DE4BFA-41DE-4748-ACC7-14362333A059",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "804E18F1-4621-4650-9015-49A9137A0C39",
"versionEndExcluding": "2.3.2.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29216B3A-9A3B-4752-99C2-4A9CFA8E5E26",
"versionEndExcluding": "2.3.2.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 before 1.0.0.108, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.40, R6850 before 1.1.0.40, R6350 before 1.1.0.40, R6400v2 before 1.0.2.62, R6700v3 before 1.0.2.62, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7000 before 1.0.9.34, R6900P before 1.3.1.44, R7000P before 1.3.1.44, R7100LG before 1.0.0.48, R7200 before 1.2.0.48, R7350 before 1.2.0.48, R7400 before 1.2.0.48, R7450 before 1.2.0.36, AC2100 before 1.2.0.36, AC2400 before 1.2.0.36, AC2600 before 1.2.0.36, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, R7900 before 1.0.3.8, R7960P before 1.4.1.44, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RAX120 before 1.0.0.74, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, WNR3500Lv2 before 1.2.0.56, XR450 before 2.3.2.32, and XR500 before 2.3.2.32."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una falta de control de acceso a nivel de funci\u00f3n. Esto afecta a D6220 versiones anteriores a 1.0.0.48, D6400 versiones anteriores a 1.0.0.82, D7000v2 versiones anteriores a 1.0.0.52, D7800 versiones anteriores a 1.0.1.44, D8500 versiones anteriores a 1.0.3.43, DC112A versiones anteriores a 1.0.0.40, DGN2200v4 versiones anteriores a 1.0.0.108, RBK50 versiones anteriores a 2.3.0.32, RBR50 versiones anteriores a 2.3.0.32, RBS50 versiones anteriores a 2.3.0.32, RBK20 versiones anteriores a 2.3.0.28, RBR20 versiones anteriores a 2.3.0.28, RBS20 versiones anteriores a 2.3.0.28, RBK40 versiones anteriores a 2.3.0.28, RBR40 versiones anteriores a 2.3.0.28, RBS40 versiones anteriores a 2.3.0.28, R6020 versiones anteriores a 1.0.0.34, R6080 versiones anteriores a 1.0.0.34, R6120 versiones anteriores a 1.0.0.44, R6220 versiones anteriores a 1.1.0.80, R6230 versiones anteriores a 1.1.0.80, R6250 versiones anteriores a 1.0.4.34, R6260 versiones anteriores a 1.1.0.40, R6850 versiones anteriores a 1.1.0.40, R6350 versiones anteriores a 1.1.0.40, R6400v2 versiones anteriores a 1.0.2.62, R6700v3 versiones anteriores a 1.0.2.62, R6700v2 versiones anteriores a 1.2.0.36, R6800 versiones anteriores a 1.2.0.36, R6900v2 versiones anteriores a 1.2.0.36, R7000 versiones anteriores a 1.0.9.34, R6900P versiones anteriores a 1.3.1.44, R7000P versiones anteriores a 1.3.1.44, R7100LG versiones anteriores a 1.0.0.48, R7200 versiones anteriores a 1.2.0.48, R7350 versiones anteriores a 1.2.0.48, R7400 versiones anteriores a 1.2.0.48, R7450 versiones anteriores a 1.2.0.36, AC2100 versiones anteriores a 1.2.0.36, AC2400 versiones anteriores a 1.2.0.36, AC2600 versiones anteriores a 1.2.0.36, R7500v2 versiones anteriores a 1.0.3.38, R7800 versiones anteriores a 1.0.2.58, R7900 versiones anteriores a 1.0.3.8, R7960P versiones anteriores a 1.4.1.44, R8000 versiones anteriores a 1.0.4.28, R7900P versiones anteriores a 1.4.1.30, R8000P versiones anteriores a 1.4.1.30, R8900 versiones anteriores a 1.0.4.2, R9000 versiones anteriores a 1.0.4.2, RAX120 versiones anteriores a 1.0.0.74, RBK752 versiones anteriores a 3.2.16.6, RBR750 versiones anteriores a 3.2.16.6, RBS750 versiones anteriores a 3.2.16.6, RBK852 versiones anteriores a 3.2.16.6, RBR850 versiones anteriores a 3.2.16.6, RBS850 versiones anteriores a 3.2.16.6, WNR3500Lv2 versiones anteriores a 1.2.0.56, XR450 versiones anteriores a 2.3.2.32, and XR500 versiones anteriores a 2.3.2.32"
}
],
"id": "CVE-2021-38516",
"lastModified": "2024-11-21T06:17:18.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-11T00:15:25.580",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000063780/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2020-0273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000063780/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2020-0273"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-11 00:17
Modified
2024-11-21 06:17
Severity ?
4.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6200_firmware | * | |
| netgear | d6200 | - | |
| netgear | d7000_firmware | * | |
| netgear | d7000 | - | |
| netgear | r6020_firmware | * | |
| netgear | r6020 | - | |
| netgear | r6080_firmware | * | |
| netgear | r6080 | - | |
| netgear | r6120_firmware | * | |
| netgear | r6120 | - | |
| netgear | r6260_firmware | * | |
| netgear | r6260 | - | |
| netgear | r6700_firmware | * | |
| netgear | r6700 | v2 | |
| netgear | r6800_firmware | * | |
| netgear | r6800 | - | |
| netgear | r6900_firmware | * | |
| netgear | r6900 | v2 | |
| netgear | r6850_firmware | * | |
| netgear | r6850 | - | |
| netgear | r7200_firmware | * | |
| netgear | r7200 | - | |
| netgear | r7350_firmware | * | |
| netgear | r7350 | - | |
| netgear | r7400_firmware | * | |
| netgear | r7400 | - | |
| netgear | r7450_firmware | * | |
| netgear | r7450 | - | |
| netgear | ac2100_firmware | * | |
| netgear | ac2100 | - | |
| netgear | ac2400_firmware | * | |
| netgear | ac2400 | - | |
| netgear | ac2600_firmware | * | |
| netgear | ac2600 | - | |
| netgear | rax40_firmware | * | |
| netgear | rax40 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59BF957E-F3B6-41A5-A36C-8C0CF3B417D0",
"versionEndExcluding": "1.1.00.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d6200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00E6A1B7-4732-4259-9B71-10FF0B56A16B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C539CF50-2AC3-45F9-8F69-FA2F50FAD92D",
"versionEndExcluding": "1.0.1.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF04B65B-9685-4595-9C71-0F77AD7109BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC58A4B-E061-49ED-BB2D-E0497846DBEE",
"versionEndExcluding": "1.0.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DDA7ABF-4C4B-4945-993A-F93BD8FCB55E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9D1B97-7FF8-45D9-BFD6-72554BBB6008",
"versionEndExcluding": "1.0.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEB5C49-53CF-44AE-9A7D-E7E6201BFE62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC964EED-3452-4D6F-8603-0A28988282FA",
"versionEndExcluding": "1.0.0.66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2CCD-424F-41D5-919B-E22B9FA68D36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33824B9B-1224-484A-AFF4-953573F299C6",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0FCF958-2F6A-4B79-B307-2FE23B7CE8FC",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9706E6-CA53-43E4-91B0-D52655C86860",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA434604-4916-4830-A96B-CEC0C8E5A1A0",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9457F1-F5E8-43CA-8697-3849E140B0CC",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E8EB69B-6619-47B6-A073-D0B840D4EB0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "612DAD20-761D-41D5-A6AB-AA9975847D34",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D95583A-EC79-41FF-9496-DAB19A1A34DB",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECB83F9-D417-4FD3-B293-87BC177E3AEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53B1B947-2E36-463C-848F-C5F5C0A5ECAF",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1A65C-F10F-4C52-8B6D-69992E512EB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A188F6E-5296-4511-97F2-9328B1E1F6CF",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33043216-4563-4195-88D7-93446302ECD1",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB0B236-6BC6-4E99-8792-6B01BD591D3A",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B01C772-D1D4-41F1-A33D-72A6A672502A",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B25A18F-DD96-45FE-B098-71E60CB0FFFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA359610-21DC-41C4-9430-8406B34490EB",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFCD9A8-1846-48C4-9F14-3866E983FB74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B269F15-F70A-4F6C-90AD-025EBB497C1B",
"versionEndExcluding": "1.0.3.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13D54346-4B03-4296-B050-04EB8CFCA732",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por un ataque de tipo XSS almacenado. Esto afecta a D6200 versiones anteriores a 1.1.00.40, D7000 versiones anteriores a 1.0.1.78, R6020 versiones anteriores a 1.0.0.48, R6080 versiones anteriores a 1.0.0.48, R6120 versiones anteriores a 1.0.0.66, R6260 versiones anteriores a 1.1.0.78, R6700v2 versiones anteriores a 1.2.0.76, R6800 versiones anteriores a 1.2.0.76, R6900v2 versiones anteriores a 1.2. 0.76, R6850 versiones anteriores a 1.1.0.78, R7200 versiones anteriores a 1.2.0.76, R7350 versiones anteriores a 1.2.0.76, R7400 versiones anteriores a 1.2.0.76, R7450 versiones anteriores a 1.2.0.76, AC2100 versiones anteriores a 1.2.0.76, AC2400 versiones anteriores a 1.2.0.76, AC2600 versiones anteriores a 1.2.0.76 y RAX40 versiones anteriores a 1.0.3.62"
}
],
"id": "CVE-2021-38537",
"lastModified": "2024-11-21T06:17:22.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 2.7,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-11T00:17:48.797",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000063775/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000063775/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0245"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before 2021-08-27, R6330 before 2021-08-27, R6350 before 2021-08-27, R6700v2 before 2021-08-27, R6800 before 2021-08-27, R6850 before 2021-08-27, R6900v2 before 2021-08-27, R7200 before 2021-08-27, R7350 before 2021-08-27, R7400 before 2021-08-27, and R7450 before 2021-08-27.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | ac2100_firmware | * | |
| netgear | ac2100 | - | |
| netgear | ac2400_firmware | * | |
| netgear | ac2400 | - | |
| netgear | ac2600_firmware | * | |
| netgear | ac2600 | - | |
| netgear | d7000_firmware | * | |
| netgear | d7000 | - | |
| netgear | r6220_firmware | * | |
| netgear | r6220 | - | |
| netgear | r6230_firmware | * | |
| netgear | r6230 | - | |
| netgear | r6260_firmware | * | |
| netgear | r6260 | - | |
| netgear | r6330_firmware | * | |
| netgear | r6330 | - | |
| netgear | r6350_firmware | * | |
| netgear | r6350 | - | |
| netgear | r6700v2_firmware | * | |
| netgear | r6700v2 | - | |
| netgear | r6800_firmware | * | |
| netgear | r6800 | - | |
| netgear | r6850_firmware | * | |
| netgear | r6850 | - | |
| netgear | r6900v2_firmware | * | |
| netgear | r6900v2 | - | |
| netgear | r7200_firmware | * | |
| netgear | r7200 | - | |
| netgear | r7350_firmware | * | |
| netgear | r7350 | - | |
| netgear | r7400_firmware | * | |
| netgear | r7400 | - | |
| netgear | r7450_firmware | * | |
| netgear | r7450 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45F7CAB5-C621-4BE5-A1A0-067D3A6782DE",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC90E98D-970F-405E-BD0F-87C569F3235E",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B25A18F-DD96-45FE-B098-71E60CB0FFFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F716D30E-8A2C-4C99-951A-6AF94F467DBB",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFCD9A8-1846-48C4-9F14-3866E983FB74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C74AB12E-2C62-488D-BD5E-DB2B4C174D91",
"versionEndExcluding": "1.0.1.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF04B65B-9685-4595-9C71-0F77AD7109BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "894177B3-FEFC-450C-AB87-BAE985769719",
"versionEndExcluding": "1.1.0.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB2CDDD-4C4A-48CC-A6E6-03561C928F71",
"versionEndExcluding": "1.1.0.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C91CADFA-59DB-4B6C-A914-848884F4A4BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A194A033-7DAD-470E-B07B-050B4761C3C5",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9652293-61FB-40DA-8C34-F347552D4CA6",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D621D26D-B144-424A-A9CB-19488399ACC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38890775-308B-49B6-A3B7-A7EE4C4CB696",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B302909-29CF-4E53-9CCB-8664D3FCB03A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A211653B-5485-41F5-9873-E610FEBB59E8",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9793286-86D2-43BF-B9B8-823C05BCAE4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3D3DAA9-7067-4BB1-B7C8-46127F427F2C",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7CC681-B1DB-469F-A62F-EA3E3A00C1F3",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13331B0F-038B-4652-A986-A2CE7E5C8144",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FC6398-60A5-4003-A294-C96AE6DBCED5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E65B4BD2-D7DE-4F0C-998A-29B3A237B81D",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECB83F9-D417-4FD3-B293-87BC177E3AEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9A326D3-C31E-4722-A7D5-593371D90538",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1A65C-F10F-4C52-8B6D-69992E512EB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "413E21F8-0C60-4F94-9FAD-D71C14C1A30E",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35E5B11C-0BD8-44AC-8B49-6BA6F3DD9D9D",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before 2021-08-27, R6330 before 2021-08-27, R6350 before 2021-08-27, R6700v2 before 2021-08-27, R6800 before 2021-08-27, R6850 before 2021-08-27, R6900v2 before 2021-08-27, R7200 before 2021-08-27, R7350 before 2021-08-27, R7400 before 2021-08-27, and R7450 before 2021-08-27."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una omisi\u00f3n de autenticaci\u00f3n. Esto afecta a AC2100 versiones anteriores a 2021-08-27, AC2400 versiones anteriores a 2021-08-27, AC2600 versiones anteriores a 2021-08-27, D7000 versiones anteriores a 2021-08-27, R6220 versiones anteriores a 2021-08-27, R6230 versiones anteriores a 2021-08-27, R6260 versiones anteriores a 2021-08-27, R6330 versiones anteriores a 2021-08-27, R6350 versiones anteriores al 2021-08-27, R6700v2 versiones anteriores al 2021-08-27, R6800 versiones anteriores al 2021-08-27, R6850 versiones anteriores al 2021-08-27, R6900v2 versiones anteriores al 2021-08-27, R7200 versiones anteriores al 2021-08-27, R7350 versiones anteriores al 2021-08-27, R7400 versiones anteriores al 2021-08-27 y R7450 versiones anteriores al 2021-08-27"
}
],
"id": "CVE-2021-45511",
"lastModified": "2024-11-21T06:32:23.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-26T01:15:13.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000063961/Security-Advisory-for-Authentication-Bypass-Vulnerability-on-the-D7000-and-Some-Routers-PSV-2021-0133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000063961/Security-Advisory-for-Authentication-Bypass-Vulnerability-on-the-D7000-and-Some-Routers-PSV-2021-0133"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-04 17:15
Modified
2024-11-21 05:21
Severity ?
Summary
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | ac2100_firmware | * | |
| netgear | ac2100 | - | |
| netgear | ac2400_firmware | * | |
| netgear | ac2400 | - | |
| netgear | ac2600_firmware | * | |
| netgear | ac2600 | - | |
| netgear | r6700_firmware | * | |
| netgear | r6700 | v2 | |
| netgear | r6800_firmware | * | |
| netgear | r6800 | - | |
| netgear | r6900_firmware | * | |
| netgear | r6900 | v2 | |
| netgear | r7200_firmware | * | |
| netgear | r7200 | - | |
| netgear | r7350_firmware | * | |
| netgear | r7350 | - | |
| netgear | r7400_firmware | * | |
| netgear | r7400 | - | |
| netgear | r7450_firmware | * | |
| netgear | r7450 | - | |
| netgear | r6220_firmware | * | |
| netgear | r6220 | - | |
| netgear | r6230_firmware | * | |
| netgear | r6230 | - | |
| netgear | r6260_firmware | * | |
| netgear | r6260 | - | |
| netgear | r6330_firmware | * | |
| netgear | r6330 | - | |
| netgear | r6350_firmware | * | |
| netgear | r6350 | - | |
| netgear | r6850_firmware | * | |
| netgear | r6850 | - | |
| netgear | r6120_firmware | * | |
| netgear | r6120 | - | |
| netgear | r6020_firmware | * | |
| netgear | r6020 | - | |
| netgear | r6080_firmware | * | |
| netgear | r6080 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB0B236-6BC6-4E99-8792-6B01BD591D3A",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B01C772-D1D4-41F1-A33D-72A6A672502A",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B25A18F-DD96-45FE-B098-71E60CB0FFFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA359610-21DC-41C4-9430-8406B34490EB",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFCD9A8-1846-48C4-9F14-3866E983FB74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0FCF958-2F6A-4B79-B307-2FE23B7CE8FC",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9706E6-CA53-43E4-91B0-D52655C86860",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA434604-4916-4830-A96B-CEC0C8E5A1A0",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9457F1-F5E8-43CA-8697-3849E140B0CC",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E8EB69B-6619-47B6-A073-D0B840D4EB0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D95583A-EC79-41FF-9496-DAB19A1A34DB",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECB83F9-D417-4FD3-B293-87BC177E3AEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53B1B947-2E36-463C-848F-C5F5C0A5ECAF",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1A65C-F10F-4C52-8B6D-69992E512EB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A188F6E-5296-4511-97F2-9328B1E1F6CF",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33043216-4563-4195-88D7-93446302ECD1",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E662BF37-5D81-4B9F-898E-F91B09821555",
"versionEndExcluding": "1.1.0.104",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD4B6F1-E58F-4B96-BF51-729F59FA1C8B",
"versionEndExcluding": "1.1.0.104",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C91CADFA-59DB-4B6C-A914-848884F4A4BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33824B9B-1224-484A-AFF4-953573F299C6",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA2E978-FFF7-470D-90BA-4DBDC009B076",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D621D26D-B144-424A-A9CB-19488399ACC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AE3CE4-23B0-467E-B522-A211048D6AF3",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B302909-29CF-4E53-9CCB-8664D3FCB03A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "612DAD20-761D-41D5-A6AB-AA9975847D34",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B373C515-681A-4D80-9BFD-5E2DFD6F2DF0",
"versionEndExcluding": "1.0.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2CCD-424F-41D5-919B-E22B9FA68D36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC58A4B-E061-49ED-BB2D-E0497846DBEE",
"versionEndExcluding": "1.0.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DDA7ABF-4C4B-4945-993A-F93BD8FCB55E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9D1B97-7FF8-45D9-BFD6-72554BBB6008",
"versionEndExcluding": "1.0.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEB5C49-53CF-44AE-9A7D-E7E6201BFE62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559."
},
{
"lang": "es",
"value": "Esta vulnerabilidad permite a atacantes adyacentes a la red revelar informaci\u00f3n confidencial sobre las instalaciones afectadas de los enrutadores NETGEAR R7450 versi\u00f3n 1.2.0.62_1.0.1.\u0026#xa0;No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad.\u0026#xa0;El fallo espec\u00edfico se presenta dentro del endpoint de la API SOAP, que escucha en el puerto TCP 80 por defecto.\u0026#xa0;El problema resulta de una falta de control de acceso apropiado.\u0026#xa0;Un atacante puede aprovechar esta vulnerabilidad para revelar las credenciales almacenadas, conllevando a un mayor compromiso.\u0026#xa0;Fue ZDI-CAN-11559"
}
],
"id": "CVE-2020-27873",
"lastModified": "2024-11-21T05:21:58.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-04T17:15:13.480",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-072/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-072/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EAX80 before 1.0.1.62, EX7000 before 1.0.1.104, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.68, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:eax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EE6BC6-DEDA-4005-9E29-D66D0BC7E5C2",
"versionEndExcluding": "1.0.1.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:eax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97740F5D-063E-424F-A0FE-09EBE1100975",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2826A7E-990D-455A-8B16-CBCCC4633B97",
"versionEndExcluding": "1.0.1.104",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F45B620-60B8-40F3-A055-181ADD71EFFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B373C515-681A-4D80-9BFD-5E2DFD6F2DF0",
"versionEndExcluding": "1.0.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2CCD-424F-41D5-919B-E22B9FA68D36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:1.1.0.110:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0FFDB8-70A8-4656-A725-5B872F645AAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB2CDDD-4C4A-48CC-A6E6-03561C928F71",
"versionEndExcluding": "1.1.0.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C91CADFA-59DB-4B6C-A914-848884F4A4BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33824B9B-1224-484A-AFF4-953573F299C6",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "612DAD20-761D-41D5-A6AB-AA9975847D34",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AE3CE4-23B0-467E-B522-A211048D6AF3",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B302909-29CF-4E53-9CCB-8664D3FCB03A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA2E978-FFF7-470D-90BA-4DBDC009B076",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D621D26D-B144-424A-A9CB-19488399ACC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA434604-4916-4830-A96B-CEC0C8E5A1A0",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9647FDE-BFA1-4ACF-8A6D-57A7820D2352",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FC6398-60A5-4003-A294-C96AE6DBCED5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79B94ACE-9EEB-49A9-B8E4-D404667AD83E",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9793286-86D2-43BF-B9B8-823C05BCAE4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F1DAD0-F8B8-48D5-B571-C55636B274C3",
"versionEndExcluding": "1.0.11.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A7E8BF-8CC3-4806-89F5-FBE01A36A1FD",
"versionEndExcluding": "1.3.3.140",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94795476-184B-4E7D-9D8B-ECB45609108E",
"versionEndExcluding": "1.3.3.140",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D95583A-EC79-41FF-9496-DAB19A1A34DB",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECB83F9-D417-4FD3-B293-87BC177E3AEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53B1B947-2E36-463C-848F-C5F5C0A5ECAF",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1A65C-F10F-4C52-8B6D-69992E512EB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A188F6E-5296-4511-97F2-9328B1E1F6CF",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33043216-4563-4195-88D7-93446302ECD1",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB0B236-6BC6-4E99-8792-6B01BD591D3A",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B01C772-D1D4-41F1-A33D-72A6A672502A",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B25A18F-DD96-45FE-B098-71E60CB0FFFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA359610-21DC-41C4-9430-8406B34490EB",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFCD9A8-1846-48C4-9F14-3866E983FB74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96390A31-03B8-477B-8710-F797CB44E741",
"versionEndExcluding": "1.0.4.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C484840F-AF30-4B5C-821A-4DB9BE407BDB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65F881E3-22B3-40D9-A896-51B13FD09EAA",
"versionEndExcluding": "1.4.1.66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B717BA8-81B7-470C-BF20-A4318D063D77",
"versionEndExcluding": "1.4.1.66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D10E41DC-982F-444A-9A4D-82EC2BA64199",
"versionEndExcluding": "1.0.4.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "101031E9-479E-4F86-B83A-19376F8C8A45",
"versionEndExcluding": "1.4.1.66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED73C5EC-C8D3-4206-BCAA-0901F786DD98",
"versionEndExcluding": "1.0.2.82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93EF1D39-E084-40E9-86CF-C590763841A0",
"versionEndExcluding": "1.0.2.82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04513F08-329D-446F-A356-29074C1C0BEA",
"versionEndExcluding": "1.0.3.106",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7932C371-669C-43C0-94A4-17BD4BDE8C74",
"versionEndExcluding": "1.0.2.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8B99059-161F-42D4-8AD8-478ABB7DE4B6",
"versionEndExcluding": "1.0.2.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0318AD0-52A7-490F-94C1-D07C97370D2C",
"versionEndExcluding": "1.0.3.106",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34D7AF28-F117-4E31-AED8-A3179B1BE182",
"versionEndExcluding": "1.0.3.106",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EAX80 before 1.0.1.62, EX7000 before 1.0.1.104, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.68, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una divulgaci\u00f3n de informaci\u00f3n confidencial. Esto afecta a EAX80 versiones anteriores a 1.0.1.62, EX7000 versiones anteriores a 1.0.1.104, R6120 versiones anteriores a 1.0.0.76, R6220 versiones anteriores a 1.1.0.110, R6230 versiones anteriores a 1.1.0.110, R6260 versiones anteriores a 1.1.0.78, R6850 versiones anteriores a 1.1.0.78, R6350 versiones anteriores a 1.1.0. 78, R6330 versiones anteriores a 1.1.0.78, R6800 versiones anteriores a 1.2.0.76, R6900v2 versiones anteriores a 1.2.0.76, R6700v2 versiones anteriores a 1.2.0.76, R7000 versiones anteriores a 1.0.11.116, R6900P versiones anteriores a 1.3.3.140, R7000P versiones anteriores a 1.3.3.140, R7200 versiones anteriores a 1.2.0.76, R7350 versiones anteriores a 1. 2.0.76, R7400 versiones anteriores a 1.2.0.76, R7450 versiones anteriores a 1.2.0.76, AC2100 versiones anteriores a 1.2.0.76, AC2400 versiones anteriores a 1.2.0.76, AC2600 versiones anteriores a 1.2.0.76, R7900 versiones anteriores a 1.0.4.38, R7960P versiones anteriores a 1.4.1.66, R8000 versiones anteriores a 1.0.4.68, R7900P versiones anteriores a 1. 4.1.66, R8000P versiones anteriores a 1.4.1.66, RAX15 versiones anteriores a 1.0.2.82, RAX20 versiones anteriores a 1.0.2.82, RAX200 versiones anteriores a 1.0.3.106, RAX45 versiones anteriores a 1.0.2.72, RAX50 versiones anteriores a 1.0.2.72, RAX75 versiones anteriores a 1.0.3.106 y RAX80 versiones anteriores a 1.0.3.106"
}
],
"id": "CVE-2021-45647",
"lastModified": "2024-11-21T06:32:46.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-26T01:15:19.963",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064118/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Extenders-PSV-2020-0184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064118/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Extenders-PSV-2020-0184"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-01-25 16:15
Modified
2024-11-21 06:11
Severity ?
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | ac2100_firmware | * | |
| netgear | ac2100 | - | |
| netgear | ac2400_firmware | * | |
| netgear | ac2400 | - | |
| netgear | ac2600_firmware | * | |
| netgear | ac2600 | - | |
| netgear | d7000v1_firmware | * | |
| netgear | d7000v1 | - | |
| netgear | r6220_firmware | * | |
| netgear | r6220 | - | |
| netgear | r6230_firmware | * | |
| netgear | r6230 | - | |
| netgear | r6260_firmware | * | |
| netgear | r6260 | - | |
| netgear | r6330_firmware | * | |
| netgear | r6330 | - | |
| netgear | r6350_firmware | * | |
| netgear | r6350 | - | |
| netgear | r6700v2_firmware | * | |
| netgear | r6700v2 | - | |
| netgear | r6800_firmware | * | |
| netgear | r6800 | - | |
| netgear | r6850_firmware | * | |
| netgear | r6850 | - | |
| netgear | r6900v2_firmware | * | |
| netgear | r6900v2 | - | |
| netgear | r7200_firmware | * | |
| netgear | r7200 | - | |
| netgear | r7350_firmware | * | |
| netgear | r7350 | - | |
| netgear | r7400_firmware | * | |
| netgear | r7400 | - | |
| netgear | r7450_firmware | * | |
| netgear | r7450 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45F7CAB5-C621-4BE5-A1A0-067D3A6782DE",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC90E98D-970F-405E-BD0F-87C569F3235E",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B25A18F-DD96-45FE-B098-71E60CB0FFFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F716D30E-8A2C-4C99-951A-6AF94F467DBB",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFCD9A8-1846-48C4-9F14-3866E983FB74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7000v1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC44F3A-9464-47CD-BFF7-40927486638E",
"versionEndExcluding": "1.0.1.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7000v1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "020E7913-90BC-4D37-A575-B5C71F7C9670",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "894177B3-FEFC-450C-AB87-BAE985769719",
"versionEndExcluding": "1.1.0.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB2CDDD-4C4A-48CC-A6E6-03561C928F71",
"versionEndExcluding": "1.1.0.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C91CADFA-59DB-4B6C-A914-848884F4A4BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A194A033-7DAD-470E-B07B-050B4761C3C5",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9652293-61FB-40DA-8C34-F347552D4CA6",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D621D26D-B144-424A-A9CB-19488399ACC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38890775-308B-49B6-A3B7-A7EE4C4CB696",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B302909-29CF-4E53-9CCB-8664D3FCB03A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A211653B-5485-41F5-9873-E610FEBB59E8",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9793286-86D2-43BF-B9B8-823C05BCAE4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3D3DAA9-7067-4BB1-B7C8-46127F427F2C",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7CC681-B1DB-469F-A62F-EA3E3A00C1F3",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13331B0F-038B-4652-A986-A2CE7E5C8144",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FC6398-60A5-4003-A294-C96AE6DBCED5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E65B4BD2-D7DE-4F0C-998A-29B3A237B81D",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECB83F9-D417-4FD3-B293-87BC177E3AEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9A326D3-C31E-4722-A7D5-593371D90538",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1A65C-F10F-4C52-8B6D-69992E512EB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "413E21F8-0C60-4F94-9FAD-D71C14C1A30E",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35E5B11C-0BD8-44AC-8B49-6BA6F3DD9D9D",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313."
},
{
"lang": "es",
"value": "Esta vulnerabilidad permite a atacantes adyacentes a la red omitir la autenticaci\u00f3n en las instalaciones afectadas de varios routers NETGEAR. No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad. El fallo espec\u00edfico se presenta en el servicio mini_httpd, que escucha en el puerto TCP 80 por defecto. El problema es debido a una l\u00f3gica incorrecta de coincidencia de cadenas cuando es accedida a p\u00e1ginas protegidas. Un atacante puede aprovechar esta vulnerabilidad para escalar privilegios y ejecutar c\u00f3digo arbitrario en el contexto de root. Fue ZDI-CAN-13313"
}
],
"id": "CVE-2021-34865",
"lastModified": "2024-11-21T06:11:22.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-25T16:15:08.383",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000063955/Security-Advisory-for-Authentication-Bypass-Vulnerability-on-Some-Routers-PSV-2021-0083?article=000063955"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1051/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000063955/Security-Advisory-for-Authentication-Bypass-Vulnerability-on-Some-Routers-PSV-2021-0083?article=000063955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1051/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, D7000 before 1.0.1.82, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | ac2100_firmware | * | |
| netgear | ac2100 | - | |
| netgear | ac2400_firmware | * | |
| netgear | ac2400 | - | |
| netgear | ac2600_firmware | * | |
| netgear | ac2600 | - | |
| netgear | d7000_firmware | * | |
| netgear | d7000 | - | |
| netgear | r6220_firmware | * | |
| netgear | r6220 | - | |
| netgear | r6230_firmware | * | |
| netgear | r6230 | - | |
| netgear | r6260_firmware | * | |
| netgear | r6260 | - | |
| netgear | r6330_firmware | * | |
| netgear | r6330 | - | |
| netgear | r6350_firmware | * | |
| netgear | r6350 | - | |
| netgear | r6700v2_firmware | * | |
| netgear | r6700v2 | - | |
| netgear | r6800_firmware | * | |
| netgear | r6800 | - | |
| netgear | r6850_firmware | * | |
| netgear | r6850 | - | |
| netgear | r6900v2_firmware | * | |
| netgear | r6900v2 | - | |
| netgear | r7200_firmware | * | |
| netgear | r7200 | - | |
| netgear | r7350_firmware | * | |
| netgear | r7350 | - | |
| netgear | r7400_firmware | * | |
| netgear | r7400 | - | |
| netgear | r7450_firmware | * | |
| netgear | r7450 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45F7CAB5-C621-4BE5-A1A0-067D3A6782DE",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC90E98D-970F-405E-BD0F-87C569F3235E",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B25A18F-DD96-45FE-B098-71E60CB0FFFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F716D30E-8A2C-4C99-951A-6AF94F467DBB",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFCD9A8-1846-48C4-9F14-3866E983FB74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C37FAABD-5F8B-4185-815E-B49E51FF4FA9",
"versionEndExcluding": "1.0.1.82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF04B65B-9685-4595-9C71-0F77AD7109BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "894177B3-FEFC-450C-AB87-BAE985769719",
"versionEndExcluding": "1.1.0.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB2CDDD-4C4A-48CC-A6E6-03561C928F71",
"versionEndExcluding": "1.1.0.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C91CADFA-59DB-4B6C-A914-848884F4A4BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A194A033-7DAD-470E-B07B-050B4761C3C5",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9652293-61FB-40DA-8C34-F347552D4CA6",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D621D26D-B144-424A-A9CB-19488399ACC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38890775-308B-49B6-A3B7-A7EE4C4CB696",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B302909-29CF-4E53-9CCB-8664D3FCB03A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A211653B-5485-41F5-9873-E610FEBB59E8",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9793286-86D2-43BF-B9B8-823C05BCAE4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3D3DAA9-7067-4BB1-B7C8-46127F427F2C",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7CC681-B1DB-469F-A62F-EA3E3A00C1F3",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13331B0F-038B-4652-A986-A2CE7E5C8144",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FC6398-60A5-4003-A294-C96AE6DBCED5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E65B4BD2-D7DE-4F0C-998A-29B3A237B81D",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECB83F9-D417-4FD3-B293-87BC177E3AEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9A326D3-C31E-4722-A7D5-593371D90538",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1A65C-F10F-4C52-8B6D-69992E512EB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "413E21F8-0C60-4F94-9FAD-D71C14C1A30E",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35E5B11C-0BD8-44AC-8B49-6BA6F3DD9D9D",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, D7000 before 1.0.1.82, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una inyecci\u00f3n de comandos por parte de un usuario autenticado. Esto afecta a AC2100 versiones anteriores a 1.2.0.88, AC2400 versiones anteriores a 1.2.0.88, AC2600 versiones anteriores a 1.2.0.88, D7000 versiones anteriores a 1.0.1.82, R6220 versiones anteriores a 1.1.0.110, R6230 versiones anteriores a 1.1.0.110, R6260 versiones anteriores a 1.1.0.84, R6330 versiones anteriores a 1.1.0.84, R6350 versiones anteriores a 1. 1.0.84, R6700v2 versiones anteriores a 1.2.0.88, R6800 versiones anteriores a 1.2.0.88, R6850 versiones anteriores a 1.1.0.84, R6900v2 versiones anteriores a 1.2.0.88, R7200 versiones anteriores a 1.2.0.88, R7350 versiones anteriores a 1.2.0.88, R7400 versiones anteriores a 1.2.0.88 y R7450 versiones anteriores a 1.2.0.88"
}
],
"id": "CVE-2021-45534",
"lastModified": "2024-11-21T06:32:26.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-26T01:15:14.600",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064406/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-DSL-Modem-Routers-PSV-2021-0172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064406/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-DSL-Modem-Routers-PSV-2021-0172"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
5.8 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Certain NETGEAR devices are affected by stored XSS. This affects R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6700v2 before 1.2.0.76, R6900v2 before 1.2.0.76, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, and AC2600 before 1.2.0.76.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | r6120_firmware | * | |
| netgear | r6120 | - | |
| netgear | r6260_firmware | * | |
| netgear | r6260 | - | |
| netgear | r6850_firmware | * | |
| netgear | r6850 | - | |
| netgear | r6350_firmware | * | |
| netgear | r6350 | - | |
| netgear | r6330_firmware | * | |
| netgear | r6330 | - | |
| netgear | r6800_firmware | * | |
| netgear | r6800 | - | |
| netgear | r6700v2_firmware | * | |
| netgear | r6700v2 | - | |
| netgear | r6900v2_firmware | * | |
| netgear | r6900v2 | - | |
| netgear | r7200_firmware | * | |
| netgear | r7200 | - | |
| netgear | r7350_firmware | * | |
| netgear | r7350 | - | |
| netgear | r7400_firmware | * | |
| netgear | r7400 | - | |
| netgear | r7450_firmware | * | |
| netgear | r7450 | - | |
| netgear | ac2100_firmware | * | |
| netgear | ac2100 | - | |
| netgear | ac2400_firmware | 1.2.0.76 | |
| netgear | ac2400 | - | |
| netgear | ac2600_firmware | * | |
| netgear | ac2600 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B373C515-681A-4D80-9BFD-5E2DFD6F2DF0",
"versionEndExcluding": "1.0.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2CCD-424F-41D5-919B-E22B9FA68D36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33824B9B-1224-484A-AFF4-953573F299C6",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "612DAD20-761D-41D5-A6AB-AA9975847D34",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AE3CE4-23B0-467E-B522-A211048D6AF3",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B302909-29CF-4E53-9CCB-8664D3FCB03A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA2E978-FFF7-470D-90BA-4DBDC009B076",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D621D26D-B144-424A-A9CB-19488399ACC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA434604-4916-4830-A96B-CEC0C8E5A1A0",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79B94ACE-9EEB-49A9-B8E4-D404667AD83E",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9793286-86D2-43BF-B9B8-823C05BCAE4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9647FDE-BFA1-4ACF-8A6D-57A7820D2352",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FC6398-60A5-4003-A294-C96AE6DBCED5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D95583A-EC79-41FF-9496-DAB19A1A34DB",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECB83F9-D417-4FD3-B293-87BC177E3AEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53B1B947-2E36-463C-848F-C5F5C0A5ECAF",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1A65C-F10F-4C52-8B6D-69992E512EB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A188F6E-5296-4511-97F2-9328B1E1F6CF",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33043216-4563-4195-88D7-93446302ECD1",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB0B236-6BC6-4E99-8792-6B01BD591D3A",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2400_firmware:1.2.0.76:*:*:*:*:*:*:*",
"matchCriteriaId": "5CAAB6EA-A28D-4413-B1FC-0E66A179EBC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B25A18F-DD96-45FE-B098-71E60CB0FFFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA359610-21DC-41C4-9430-8406B34490EB",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFCD9A8-1846-48C4-9F14-3866E983FB74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by stored XSS. This affects R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6700v2 before 1.2.0.76, R6900v2 before 1.2.0.76, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, and AC2600 before 1.2.0.76."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por un ataque de tipo XSS almacenado. Esto afecta a R6120 versiones anteriores a 1.0.0.76, a R6260 versiones anteriores a 1.1.0.78, a R6850 versiones anteriores a 1.1.0.78, a R6350 versiones anteriores a 1.1.0.78, a R6330 versiones anteriores a 1.1.0.78, a R6800 versiones anteriores a 1.2.0.76, a R6700v2 versiones anteriores a 1.2.0.76, a R6900v2 versiones anteriores a 1. 2.0.76, R7200 versiones anteriores a 1.2.0.76, R7350 versiones anteriores a 1.2.0.76, R7400 versiones anteriores a 1.2.0.76, R7450 versiones anteriores a 1.2.0.76, AC2100 versiones anteriores a 1.2.0.76, AC2400 versiones anteriores a 1.2.0.76 y AC2600 versiones anteriores a 1.2.0.76"
}
],
"id": "CVE-2021-45675",
"lastModified": "2024-11-21T06:32:51.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 4.7,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-26T01:15:21.240",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064116/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064116/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0128"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-23 07:15
Modified
2024-11-21 06:00
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400 before 1.5.0.48, R6400 before 1.0.1.62, R6700 before 1.0.2.16, R6900 before 1.0.2.16, MK60 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, CBR40 before 2.5.0.10, R8000P before 1.4.1.62, R7960P before 1.4.1.62, R7900P before 1.4.1.62, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, EX7500 before 1.0.0.68, EAX80 before 1.0.1.62, EAX20 before 1.0.0.36, RBK752 before 3.2.16.6, RBK753 before 3.2.16.6, RBK753S before 3.2.16.6, RBK754 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBK853 before 3.2.16.6, RBK854 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6850 before 1.1.0.76, R6350 before 1.1.0.76, R6330 before 1.1.0.76, D7800 before 1.0.1.58, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK23 before 2.6.1.36, RBR20 before 2.6.1.38, RBS20 before 2.6.1.38, RBK12 before 2.6.1.44, RBK13 before 2.6.1.44, RBK14 before 2.6.1.44, RBK15 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, R6800 before 1.2.0.72, R6900v2 before 1.2.0.72, R6700v2 before 1.2.0.72, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, R7800 before 1.0.2.74, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.34, and XR300 before 1.0.3.50.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E99E8C5-D88D-409C-8233-944E254D587F",
"versionEndExcluding": "1.0.4.98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A09A9E8-8C77-4EDB-9483-B3C540EF083A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B80222E-C65C-4AA5-9399-E2017D844117",
"versionEndExcluding": "1.0.4.98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D208F2CA-DB20-4C82-8FFF-B99EBFE29713",
"versionEndExcluding": "1.0.11.106",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A29C8A-71C1-477F-9D17-CD2E74784BB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61DE3850-1661-43D1-9E52-31E2E01979EE",
"versionEndExcluding": "1.3.2.124",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3524A509-D0CF-40EB-93FE-9538169CEF53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6F506A-464D-4BDE-8F9B-D537D3C7E137",
"versionEndExcluding": "1.3.2.124",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC381A4-BDC7-4F40-AD68-F9EEE5370AC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9800CB2-C14A-406B-B1FF-B1B62862EBDB",
"versionEndExcluding": "1.0.4.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F35362B-CF27-4C04-AD15-8579F1F6B949",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4171EB00-3664-43D5-9B62-A3538C358142",
"versionEndExcluding": "1.0.5.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7850:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7780F243-8E08-4E1F-A819-24386B05F817",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F030129E-95C6-4C31-92A6-DABCDC1B534B",
"versionEndExcluding": "1.0.4.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41BA56D3-4429-43DA-9988-A83CC92D323D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "921A8CFC-D86E-4674-998E-31F4F956B5DC",
"versionEndExcluding": "1.5.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rs400:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE56058F-FE7A-43D3-A362-2043B74FAE81",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "478CE991-5E30-438D-94B0-0E15A29E27BD",
"versionEndExcluding": "1.0.1.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09DF14C8-CE32-47AB-B087-D8D6C84C8F98",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19D625E4-17F4-44EF-9A51-DA0BAD4835F2",
"versionEndExcluding": "1.0.2.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0D05E55-6C70-419A-9A5D-D89AA8F19499",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D59AC0-2859-46C0-B050-3BB8E3E9CB06",
"versionEndExcluding": "1.0.2.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B64473-5409-419B-967A-E4D7922D7010",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mk60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99DA73AE-E82E-4886-9237-291B6B32BE9E",
"versionEndExcluding": "1.0.5.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mk60:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2581D68-BF67-43E9-9465-A510DC80C236",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E18CCBB-46CD-423D-AA66-36F223EFD6E6",
"versionEndExcluding": "1.0.5.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mr60:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D651DEF9-CC2F-4ADB-9FEE-5C43A8366A75",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07A1D7A9-29E9-4B1D-90DB-24E0967C9BC7",
"versionEndExcluding": "1.0.5.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ms60:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7467498D-EEFE-4B57-8031-B9F99751D556",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B05686E-7206-4E3B-BDBD-05C8EA6CABB5",
"versionEndExcluding": "2.5.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cbr40:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACAD2041-9A20-444A-BB81-8764610D6F00",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B377E02-0228-4A2F-90F3-A82E7E964B37",
"versionEndExcluding": "1.4.1.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2982807D-D17B-49B8-B0D7-80662EDFC306",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8D0327-0A72-44EC-9CC2-6CAF6A0C08B2",
"versionEndExcluding": "1.4.1.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7960p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C64BD39-F245-47DB-981D-36613AD40BFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44537647-E0B2-477D-98A5-7EA850BF3321",
"versionEndExcluding": "1.4.1.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67C27B00-2FD3-4AE9-90B7-AEFA2631C9E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5225D5-96AD-43EE-BAA3-37B7FEF97E86",
"versionEndExcluding": "1.0.1.64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax15:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DED03C1-00A1-49B3-BD19-DCCC489E7FE2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33505A97-35DB-4EFD-9D47-EA03057C8FFD",
"versionEndExcluding": "1.0.1.64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax20:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B881D3AF-6D5B-4AC9-BB36-E673D88BDC54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADDF0077-E02C-4DDA-A84E-DF3A0237FC66",
"versionEndExcluding": "1.0.3.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax75:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCF91BA6-DF2A-4121-9246-83C6DAA89C11",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81DF924F-FDA4-4588-B8A3-6F18ABBD4976",
"versionEndExcluding": "1.0.3.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax80:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4EAEF0F-DCED-4ECC-B8DF-4E91AA030D8E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49D5D1E8-637A-4970-8753-6A3FCA8FAC64",
"versionEndExcluding": "1.0.2.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "497D21B1-4F55-408F-8D05-18B2B9F55291",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A3B894E-E712-477A-9960-30AFAB2C35CF",
"versionEndExcluding": "1.0.2.64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax45:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80FD45DF-A29E-46C7-99DC-09EE74F5A276",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A71AE85C-74C4-42C1-BF54-89B6EC38C707",
"versionEndExcluding": "1.0.2.64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12DA6A42-4064-4884-9D8C-7273CA8F0498",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex7500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B59B0C17-2714-48E8-8911-E72488CE32E3",
"versionEndExcluding": "1.0.0.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex7500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "111905EF-0E9E-4321-837F-D7E7C146E9FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:eax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EE6BC6-DEDA-4005-9E29-D66D0BC7E5C2",
"versionEndExcluding": "1.0.1.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:eax80:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06EC4DE7-7424-4D7C-9979-88C58CBB0978",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:eax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62EFA314-85C0-48CC-938E-E2BF42B16746",
"versionEndExcluding": "1.0.0.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:eax20:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24022452-B0A3-4101-875A-46D0B5E60D48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD03FFF-ECAF-4527-A195-559DF479A0F2",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk752:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31427F8E-7D14-4DE1-AF03-7487073040B1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk753_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E391711-0D34-4CBB-9022-BF809C435616",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk753:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57204B6D-6D87-4616-91ED-446894C24A3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk753s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C348EA7B-1226-4745-9961-A5B253BE8235",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk753s:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFFAC263-BF84-404C-9A4F-BF9D1D4134E5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk754_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85D95CCB-7E4A-4CA5-A503-FB79DBC08DDE",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk754:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2731D467-A9C2-4801-9D41-BBECF0F4C585",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05A46FA9-5DC8-4408-B4C2-AD5F1CABE7C1",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr750:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CB2B42-ADFE-42A7-8A9D-B5C2ED6F2E7F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C144D71-6C10-44CD-BFF9-907A92F0432C",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs750:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5309A5-3F84-46F4-BB50-754E9C52FA88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B66A716A-7EC5-4F9B-853A-36C0D1AA3BFE",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk852:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B06308A-9862-4B1E-A100-B9A8B47311B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk853_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02781FF1-A884-44D3-8364-FF8371D47FCA",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk853:*:*:*:*:*:*:*:*",
"matchCriteriaId": "530F895F-0061-441F-A2BD-CC51A8C13BE5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk854_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA417FF-DB33-477B-9D73-003CE56C5D78",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk854:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9217A7B-0410-4E57-BD91-8E20237FB52B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE13548D-0A26-45C1-8424-D4705EB105EA",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr850:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A77C093D-AF25-4757-880C-698A7902D507",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "041D94DE-78C9-475C-9FAE-0B081C69B55F",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs850:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A92FEE8-77A2-49DE-BCF7-9416F64E5F28",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk842_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5C6DF5F-FEFB-4A30-87CC-379E726AE181",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk842:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC8A705-F376-4B1F-B5AD-024CE43EB997",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr840_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "451C5603-927A-4EB9-BF9D-150FE16A48F8",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr840:*:*:*:*:*:*:*:*",
"matchCriteriaId": "057CD043-7ACD-4284-9CC0-171F437B1501",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs840_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B22B149-BD16-42A0-BB1D-DEF483F6B5E1",
"versionEndExcluding": "3.2.16.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs840:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D633C05-5C85-490D-8692-BBA04C36F450",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F898DC9-9250-47DF-844C-F7308365135B",
"versionEndExcluding": "1.0.0.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6120:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B44D10-8A75-4643-8937-9157C7C1014D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0754CB8B-A9D4-4444-8426-E1DDBBD2A9D1",
"versionEndExcluding": "1.0.0.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D00B9746-B4B1-4473-8417-BF1B10831B50",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D35F61B-5E8F-483B-9F31-A312AB8C717F",
"versionEndExcluding": "1.0.0.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6230:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8C14B49-D069-41E3-94C3-A49E06022D60",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23D4F7E6-C042-434E-87B8-55DB18B08B0A",
"versionEndExcluding": "1.1.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6260:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2353F3-A93F-4477-9E2E-4E23EAA5F51C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3408536D-FC77-48C5-AD15-C5A170D7417C",
"versionEndExcluding": "1.1.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F77BFF-3640-4906-ABCF-E3C6945050E3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F105F6F-ECD3-411D-924E-94BCF036C1EA",
"versionEndExcluding": "1.1.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6350:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B54BEAD-CF85-48AB-87EE-F09FAAF1F3D6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6524B85E-23AC-4983-8331-96E12899B773",
"versionEndExcluding": "1.1.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6330:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D552EC52-5DB8-45BF-BD1B-0554FCEBCD24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACEAC1F2-EEAE-4880-B6C0-FFAAA29685F1",
"versionEndExcluding": "1.0.1.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7800:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C82317F-0843-4B4F-9FE0-8A44BA651D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E3BFCB-BFF8-4722-BE48-5FA93CACD3AD",
"versionEndExcluding": "2.6.1.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk50:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4660355E-74B6-40E5-86E0-3BA55589C557",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39D6318D-F5A2-4469-B508-075F2825F0FA",
"versionEndExcluding": "2.6.1.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr50:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9688E5-D944-437C-81AC-03CA64087DC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F44708A-C946-4E0F-9D6C-A91AFB4C9EF3",
"versionEndExcluding": "2.6.1.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs50:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00C4E1D7-94CB-4A0B-9E74-89880CBFF11C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAC56D3D-B697-4C9D-ADBB-A45845A3B5D4",
"versionEndExcluding": "2.6.1.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk40:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AADEEDB6-C8F5-41D3-93C8-AB94605554C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E21623E-9977-486F-93B1-858FC407E9D1",
"versionEndExcluding": "2.6.1.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr40:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5428D4B4-DEEC-4A14-BF24-EB480A614FA8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A32769CF-7D0A-4A3F-AF20-6202CA0C6870",
"versionEndExcluding": "2.6.1.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs40:*:*:*:*:*:*:*:*",
"matchCriteriaId": "772CF322-9944-4243-BFBB-8F133AE5A373",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "675E9C59-D39B-47B0-ABEC-32D548650AB7",
"versionEndExcluding": "2.6.1.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk23:*:*:*:*:*:*:*:*",
"matchCriteriaId": "752FA3EA-C87D-4402-ACFF-11E1DE15501B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1612C65-9BA0-4CAF-93B3-D528287B0790",
"versionEndExcluding": "2.6.1.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr20:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1E01AE-DE82-4F20-BCFB-E5A48CCE28AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04F03BE5-1440-4BC4-B902-97E702ED0ADF",
"versionEndExcluding": "2.6.1.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs20:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B12E8664-5D49-4377-A8C4-175F15E94083",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC30751-F447-45A7-8C57-B73042869EA5",
"versionEndExcluding": "2.6.1.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk12:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D26AB2BC-061D-4142-9E37-A22368398876",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7758BF-0AE4-46DB-A014-734F68AEEAA0",
"versionEndExcluding": "2.6.1.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk13:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52BB59CE-7024-4F7C-B49B-C2444FAA923E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7CD38DB-B4A3-460E-8F89-E85A0E0F5BD3",
"versionEndExcluding": "2.6.1.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk14:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0CD88D0-E4F4-4695-A2BE-44758F6CA4C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E25990D-C38A-44E7-A301-AB9E80A9D5CA",
"versionEndExcluding": "2.6.1.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk15:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87232E4A-7821-4A7A-8D31-67C91DCCA5B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8246B8D3-8455-43B1-B0FA-F677B8FF84F5",
"versionEndExcluding": "2.6.1.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr10:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69E984D9-C35E-4925-A3C3-695BCEF56C75",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28DA498C-B466-422E-BAD2-A1F9A15B157F",
"versionEndExcluding": "2.6.1.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs10:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0242C44-637E-4984-B830-9148E265E74B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8956A99-1071-42A7-8984-D7134E755CBF",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3127F5-9624-4002-B8F8-D76A01676ADA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A660042D-27F6-4110-AB03-BCAFAC194557",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E8EB69B-6619-47B6-A073-D0B840D4EB0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFA2C5B9-92C2-4E70-B166-87AD9973F80E",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9706E6-CA53-43E4-91B0-D52655C86860",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02279B20-D951-46CE-B339-452BC585A4F3",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E330A8C5-1D91-4743-A35C-430CB5EAA0A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B452611A-43C5-401B-95BD-189020B5C65C",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7350:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F27FB281-6C22-45E6-A3A1-DE90C3F2B608",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "237C68C0-C2A9-4F71-9E08-547F2A317CBC",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7400:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8F6B4F-5995-40A4-89B4-325BACA086A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63697E3A-AAA3-42E7-8116-93C6548D3AB7",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7450:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5E5161-10A9-41A9-9FC4-9A5F6B4536AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C1280B1-A2DF-4CAB-AB19-6B463206AA3D",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDFA0025-8657-4A20-A282-D1034D8BBEF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76C658A4-BF82-40CE-A5E1-C9F3DA1A9B0B",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2400:*:*:*:*:*:*:*:*",
"matchCriteriaId": "710011A1-F633-4B5D-9C09-04E518C71DE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3A6655-B468-46FB-84D7-2294D4243C91",
"versionEndExcluding": "1.2.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "474A7CEB-7133-40FA-8FC5-BC85D712DABF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C393DBF4-8281-4611-B591-CDB9DF0AA958",
"versionEndExcluding": "1.0.2.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7800:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01CF301B-9DF5-4960-BD62-06E56EDF1031",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57314D03-64B1-4973-9D36-5D22A71DBCBB",
"versionEndExcluding": "1.0.5.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8900:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD4841B-0F5C-4B7B-9764-F37605BF7AD9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCE56F2-5A45-4B31-99EF-1D8455C71E5C",
"versionEndExcluding": "1.0.5.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r9000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4AAEB70-4F97-4044-B897-86020787DE01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B697A877-214C-4701-AA9B-FE9C23FDBCEB",
"versionEndExcluding": "1.0.1.136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax120:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B302272A-8BCE-47B7-B7DB-026B22A39367",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "051E8D2A-0EB0-43A7-9AAA-8519B8CC7FE0",
"versionEndExcluding": "2.3.2.66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr450:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA83AEEB-FBEB-40A9-9F61-814596C00922",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BCFB551-95C6-4EEF-83F0-4246F67E6668",
"versionEndExcluding": "2.3.2.66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F284951-6DAA-4AA4-A189-44CDB44878A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89AB672D-DD24-483E-B69D-7E46AF199483",
"versionEndExcluding": "1.0.1.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr700:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF919EF-8893-4E1A-A854-3FB932682504",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D71EDB94-370B-46C3-A14E-3F3FB130DD49",
"versionEndExcluding": "1.0.3.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr300:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AED2DE10-EC70-4A50-9C17-2C02569BD149",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400 before 1.5.0.48, R6400 before 1.0.1.62, R6700 before 1.0.2.16, R6900 before 1.0.2.16, MK60 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, CBR40 before 2.5.0.10, R8000P before 1.4.1.62, R7960P before 1.4.1.62, R7900P before 1.4.1.62, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, EX7500 before 1.0.0.68, EAX80 before 1.0.1.62, EAX20 before 1.0.0.36, RBK752 before 3.2.16.6, RBK753 before 3.2.16.6, RBK753S before 3.2.16.6, RBK754 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBK853 before 3.2.16.6, RBK854 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6850 before 1.1.0.76, R6350 before 1.1.0.76, R6330 before 1.1.0.76, D7800 before 1.0.1.58, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK23 before 2.6.1.36, RBR20 before 2.6.1.38, RBS20 before 2.6.1.38, RBK12 before 2.6.1.44, RBK13 before 2.6.1.44, RBK14 before 2.6.1.44, RBK15 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, R6800 before 1.2.0.72, R6900v2 before 1.2.0.72, R6700v2 before 1.2.0.72, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, R7800 before 1.0.2.74, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.34, and XR300 before 1.0.3.50."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por un desbordamiento del b\u00fafer por parte de un usuario autenticado. Esto afecta al R6700v3 versiones anteriores a 1.0.4.98, al R6400v2 versiones anteriores a 1.0.4.98, al R7000 versiones anteriores a 1.0.11.106, al R6900P versiones anteriores a 1.3.2.124, al R7000P versiones anteriores a 1.3.2.124, al R7900 versiones anteriores a 1.0.4.26, al R7850 versiones anteriores a 1.0.5.60, al R8000 versiones anteriores a 1.0.4.58, al RS400 versiones anteriores a 1.5.0.48, al R6400 versiones anteriores a 1.0.1. 62, R6700 versiones anteriores a 1.0.2.16, R6900 versiones anteriores a 1.0.2.16, MK60 versiones anteriores a 1.0.5.102, MR60 versiones anteriores a 1.0.5.102, MS60 versiones anteriores a 1.0.5.102, CBR40 versiones anteriores a 2.5.0.10, R8000P versiones anteriores a 1.4.1.62, R7960P versiones anteriores a 1.4.1.62, R7900P versiones anteriores a 1.4.1.62, RAX15 versiones anteriores a 1.0.1.64, RAX20 versiones anteriores a 1. 0.1.64, RAX75 versiones anteriores a 1.0.3.102, RAX80 versiones anteriores a 1.0.3.102, RAX200 versiones anteriores a 1.0.2.102, RAX45 versiones anteriores a 1.0.2.64, RAX50 versiones anteriores a 1.0.2.64, EX7500 versiones anteriores a 1.0.0.68, EAX80 versiones anteriores a 1.0.1.62, EAX20 versiones anteriores a 1.0.0.36, RBK752 versiones anteriores a 3.2.16.6, RBK753 versiones anteriores a 3.2.16. 6, RBK753S versiones anteriores a 3.2.16.6, RBK754 versiones anteriores a 3.2.16.6, RBR750 versiones anteriores a 3.2.16.6, RBS750 versiones anteriores a 3.2.16.6, RBK852 versiones anteriores a 3.2.16. 6, RBK853 versiones anteriores a 3.2.16.6, RBK854 versiones anteriores a 3.2.16.6, RBR850 versiones anteriores a 3.2.16.6, RBS850 versiones anteriores a 3.2.16.6, RBR840 versiones anteriores a 3.2.16. 6, RBS840 versiones anteriores a 3.2.16.6, R6120 versiones anteriores a 1.0.0.70, R6220 versiones anteriores a 1.1.0.100, R6230 versiones anteriores a 1.1.0.100, R6260 versiones anteriores a 1.1.0.76, R6850 versiones anteriores a 1.1.0.76, R6350 versiones anteriores a 1.1.0.76, R6330 versiones anteriores a 1.1.0.76, D7800 versiones anteriores a 1.0.1.58, RBK50 versiones anteriores a 2.6.1.40, RBR50 versiones anteriores a 2. 6.1.40, RBS50 versiones anteriores a 2.6.1.40, RBK40 versiones anteriores a 2.6.1.36, RBR40 versiones anteriores a 2.6.1.36, RBS40 versiones anteriores a 2.6.1.38, RBK23 versiones anteriores a 2.6.1.36, RBR20 versiones anteriores a 2.6.1.38, RBS20 versiones anteriores a 2.6.1.38, RBK12 versiones anteriores a 2.6.1.44, RBK13 versiones anteriores a 2.6.1.44, RBK14 versiones anteriores a 2.6.1. 44, RBK15 versiones anteriores a 2.6.1.44, RBR10 versiones anteriores a 2.6.1.44, RBS10 versiones anteriores a 2.6.1.44, R6800 versiones anteriores a 1.2.0.72, R6900v2 versiones anteriores a 1.2.0. 72, R6700v2 versiones anteriores a 1.2.0.72, R7200 versiones anteriores a 1.2.0.72, R7350 versiones anteriores a 1.2.0.72, R7400 versiones anteriores a 1.2.0.72, R7450 versiones anteriores a 1.2.0.72, AC2100 versiones anteriores a 1. 2.0.72, AC2400 versiones anteriores a 1.2.0.72, AC2600 versiones anteriores a 1.2.0.72, R7800 versiones anteriores a 1.0.2.74, R8900 versiones anteriores a 1.0.5.24, R9000 versiones anteriores a 1.0.5.24, RAX120 versiones anteriores a 1.0.1.136, XR450 versiones anteriores a 2.3.2.66, XR500 versiones anteriores a 2.3.2.66, XR700 versiones anteriores a 1.0.1.34 y XR300 versiones anteriores a 1.0.3.50"
}
],
"id": "CVE-2021-29068",
"lastModified": "2024-11-21T06:00:38.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-23T07:15:13.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000063021/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000063021/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0155"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
4.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Certain NETGEAR devices are affected by Stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6200_firmware | * | |
| netgear | d6200 | - | |
| netgear | d7000_firmware | * | |
| netgear | d7000 | - | |
| netgear | r6020_firmware | * | |
| netgear | r6020 | - | |
| netgear | r6080_firmware | * | |
| netgear | r6080 | - | |
| netgear | r6120_firmware | * | |
| netgear | r6120 | - | |
| netgear | r6220_firmware | * | |
| netgear | r6220 | - | |
| netgear | r6230_firmware | * | |
| netgear | r6230 | - | |
| netgear | r6260_firmware | * | |
| netgear | r6260 | - | |
| netgear | r6800_firmware | * | |
| netgear | r6800 | - | |
| netgear | r6900v2_firmware | * | |
| netgear | r6900v2 | - | |
| netgear | r6700v2_firmware | * | |
| netgear | r6700v2 | - | |
| netgear | r6850_firmware | * | |
| netgear | r6850 | - | |
| netgear | r7200_firmware | * | |
| netgear | r7200 | - | |
| netgear | r7350_firmware | * | |
| netgear | r7350 | - | |
| netgear | r7400_firmware | * | |
| netgear | r7400 | - | |
| netgear | r7450_firmware | * | |
| netgear | r7450 | - | |
| netgear | ac2100_firmware | * | |
| netgear | ac2100 | - | |
| netgear | ac2400_firmware | * | |
| netgear | ac2400 | - | |
| netgear | ac2600_firmware | * | |
| netgear | ac2600 | - | |
| netgear | rax40_firmware | * | |
| netgear | rax40 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59BF957E-F3B6-41A5-A36C-8C0CF3B417D0",
"versionEndExcluding": "1.1.00.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d6200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00E6A1B7-4732-4259-9B71-10FF0B56A16B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C539CF50-2AC3-45F9-8F69-FA2F50FAD92D",
"versionEndExcluding": "1.0.1.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF04B65B-9685-4595-9C71-0F77AD7109BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC58A4B-E061-49ED-BB2D-E0497846DBEE",
"versionEndExcluding": "1.0.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DDA7ABF-4C4B-4945-993A-F93BD8FCB55E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9D1B97-7FF8-45D9-BFD6-72554BBB6008",
"versionEndExcluding": "1.0.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEB5C49-53CF-44AE-9A7D-E7E6201BFE62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B373C515-681A-4D80-9BFD-5E2DFD6F2DF0",
"versionEndExcluding": "1.0.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2CCD-424F-41D5-919B-E22B9FA68D36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "894177B3-FEFC-450C-AB87-BAE985769719",
"versionEndExcluding": "1.1.0.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB2CDDD-4C4A-48CC-A6E6-03561C928F71",
"versionEndExcluding": "1.1.0.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C91CADFA-59DB-4B6C-A914-848884F4A4BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33824B9B-1224-484A-AFF4-953573F299C6",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA434604-4916-4830-A96B-CEC0C8E5A1A0",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9647FDE-BFA1-4ACF-8A6D-57A7820D2352",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FC6398-60A5-4003-A294-C96AE6DBCED5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79B94ACE-9EEB-49A9-B8E4-D404667AD83E",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9793286-86D2-43BF-B9B8-823C05BCAE4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "612DAD20-761D-41D5-A6AB-AA9975847D34",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D95583A-EC79-41FF-9496-DAB19A1A34DB",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECB83F9-D417-4FD3-B293-87BC177E3AEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53B1B947-2E36-463C-848F-C5F5C0A5ECAF",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1A65C-F10F-4C52-8B6D-69992E512EB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A188F6E-5296-4511-97F2-9328B1E1F6CF",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33043216-4563-4195-88D7-93446302ECD1",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB0B236-6BC6-4E99-8792-6B01BD591D3A",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B01C772-D1D4-41F1-A33D-72A6A672502A",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B25A18F-DD96-45FE-B098-71E60CB0FFFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA359610-21DC-41C4-9430-8406B34490EB",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFCD9A8-1846-48C4-9F14-3866E983FB74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B269F15-F70A-4F6C-90AD-025EBB497C1B",
"versionEndExcluding": "1.0.3.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13D54346-4B03-4296-B050-04EB8CFCA732",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by Stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por un ataque de tipo XSS almacenado. Esto afecta a D6200 versiones anteriores a 1.1.00.40, a D7000 versiones anteriores a 1.0.1.78, a R6020 versiones anteriores a 1.0.0.48, a R6080 versiones anteriores a 1.0.0.48, a R6120 versiones anteriores a 1.0.0.76, a R6220 versiones anteriores a 1.1.0.110, a R6230 versiones anteriores a 1.1.0.110, a R6260 versiones anteriores a 1.1.0.78, a R6800 versiones anteriores a 1.2.0.76, a R6900v2 versiones anteriores a 1.2. 0.76, R6700v2 versiones anteriores a 1.2.0.76, R6850 versiones anteriores a 1.1.0.78, R7200 versiones anteriores a 1.2.0.76, R7350 versiones anteriores a 1.2.0.76, R7400 versiones anteriores a 1.2.0.76, R7450 versiones anteriores a 1.2.0.76, AC2100 versiones anteriores a 1.2.0.76, AC2400 versiones anteriores a 1.2.0.76, AC2600 versiones anteriores a 1.2.0.76 y RAX40 versiones anteriores a 1.0.3.62"
}
],
"id": "CVE-2021-45672",
"lastModified": "2024-11-21T06:32:50.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 2.7,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-26T01:15:21.103",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064075/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2019-0244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064075/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2019-0244"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 before 1.1.0.84, D7000 before 1.0.1.82, R6020 before 1.0.0.52, R6080 before 1.0.0.52, R6120 before 1.0.0.80, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.1.0.84, R6800 before 1.1.0.84, R6850 before 1.1.0.84, R6900v2 before 1.1.0.84, R7200 before 1.1.0.84, R7350 before 1.1.0.84, R7400 before 1.1.0.84, and R7450 before 1.1.0.84.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | ac2400_firmware | * | |
| netgear | ac2400 | - | |
| netgear | ac2600_firmware | * | |
| netgear | ac2600 | - | |
| netgear | d7000_firmware | * | |
| netgear | d7000 | - | |
| netgear | r6020_firmware | * | |
| netgear | r6020 | - | |
| netgear | r6080_firmware | * | |
| netgear | r6080 | - | |
| netgear | r6120_firmware | * | |
| netgear | r6120 | - | |
| netgear | r6220_firmware | * | |
| netgear | r6220 | - | |
| netgear | r6230_firmware | * | |
| netgear | r6230 | - | |
| netgear | r6260_firmware | * | |
| netgear | r6260 | - | |
| netgear | r6330_firmware | * | |
| netgear | r6330 | - | |
| netgear | r6350_firmware | * | |
| netgear | r6350 | - | |
| netgear | r6700v2_firmware | * | |
| netgear | r6700v2 | - | |
| netgear | r6800_firmware | * | |
| netgear | r6800 | - | |
| netgear | r6850_firmware | * | |
| netgear | r6850 | - | |
| netgear | r6900v2_firmware | * | |
| netgear | r6900v2 | - | |
| netgear | r7200_firmware | * | |
| netgear | r7200 | - | |
| netgear | r7350_firmware | * | |
| netgear | r7350 | - | |
| netgear | r7400_firmware | * | |
| netgear | r7400 | - | |
| netgear | r7450_firmware | * | |
| netgear | r7450 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C58AE2F0-D2B5-4781-BB17-7DB7754C7104",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B25A18F-DD96-45FE-B098-71E60CB0FFFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A340F3DB-A810-4422-BD1E-EFBB7CE3114D",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFCD9A8-1846-48C4-9F14-3866E983FB74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C37FAABD-5F8B-4185-815E-B49E51FF4FA9",
"versionEndExcluding": "1.0.1.82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF04B65B-9685-4595-9C71-0F77AD7109BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "791E4414-852E-4DA1-AB96-0EBC6CC13F4A",
"versionEndExcluding": "1.0.0.52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DDA7ABF-4C4B-4945-993A-F93BD8FCB55E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EAD423-031A-400E-89CB-958D73BF4484",
"versionEndExcluding": "1.0.0.52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEB5C49-53CF-44AE-9A7D-E7E6201BFE62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B41633A-89CB-4DC7-8CD8-AF1EE7E2CF60",
"versionEndExcluding": "1.0.0.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2CCD-424F-41D5-919B-E22B9FA68D36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "894177B3-FEFC-450C-AB87-BAE985769719",
"versionEndExcluding": "1.1.0.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB2CDDD-4C4A-48CC-A6E6-03561C928F71",
"versionEndExcluding": "1.1.0.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C91CADFA-59DB-4B6C-A914-848884F4A4BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A194A033-7DAD-470E-B07B-050B4761C3C5",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9652293-61FB-40DA-8C34-F347552D4CA6",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D621D26D-B144-424A-A9CB-19488399ACC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38890775-308B-49B6-A3B7-A7EE4C4CB696",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B302909-29CF-4E53-9CCB-8664D3FCB03A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2D16A6-378A-4072-B743-09F966220C66",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9793286-86D2-43BF-B9B8-823C05BCAE4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "234A281D-3FDF-45C1-82C1-78DD6B7B9330",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7CC681-B1DB-469F-A62F-EA3E3A00C1F3",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5FD1D1D-FD2C-496D-B114-D99394DB4D0C",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FC6398-60A5-4003-A294-C96AE6DBCED5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17BA87B8-783B-4B47-8225-220B9F9A602B",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECB83F9-D417-4FD3-B293-87BC177E3AEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F9794C1-A2DC-477F-B7DF-33A88C9309E9",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1A65C-F10F-4C52-8B6D-69992E512EB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0EA5BB6-0082-47E5-8DFC-10677A4AC817",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "477D15A9-BD8B-41D6-B4EA-C55F62AD173D",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 before 1.1.0.84, D7000 before 1.0.1.82, R6020 before 1.0.0.52, R6080 before 1.0.0.52, R6120 before 1.0.0.80, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.1.0.84, R6800 before 1.1.0.84, R6850 before 1.1.0.84, R6900v2 before 1.1.0.84, R7200 before 1.1.0.84, R7350 before 1.1.0.84, R7400 before 1.1.0.84, and R7450 before 1.1.0.84."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una omisi\u00f3n de autenticaci\u00f3n. Esto afecta a los dispositivos AC2400 versiones anteriores a 1.1.0.84, AC2600 versiones anteriores a 1.1.0.84, D7000 versiones anteriores a 1.0.1.82, R6020 versiones anteriores a 1.0.0.52, R6080 versiones anteriores a 1.0.0.52, R6120 versiones anteriores a 1.0.0.80, R6220 versiones anteriores a 1.1.0.110, R6230 versiones anteriores a 1.1.0.110, R6260 versiones anteriores a 1.1.0.84, R6330 versiones anteriores a 1.1.0.84. 1.0.84, R6350 versiones anteriores a 1.1.0.84, R6700v2 versiones anteriores a 1.1.0.84, R6800 versiones anteriores a 1.1.0.84, R6850 versiones anteriores a 1.1.0.84, R6900v2 versiones anteriores a 1.1.0.84, R7200 versiones anteriores a 1.1.0.84, R7350 versiones anteriores a 1.1.0.84, R7400 versiones anteriores a 1.1.0.84 y R7450 versiones anteriores a 1.1.0.84"
}
],
"id": "CVE-2021-45501",
"lastModified": "2024-11-21T06:32:21.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-26T01:15:12.930",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064532/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2021-0154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064532/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2021-0154"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-12 00:15
Modified
2024-11-21 05:21
Severity ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | ac2100_firmware | * | |
| netgear | ac2100 | - | |
| netgear | ac2400_firmware | * | |
| netgear | ac2400 | - | |
| netgear | ac2600_firmware | * | |
| netgear | ac2600 | - | |
| netgear | r6700_firmware | * | |
| netgear | r6700 | v2 | |
| netgear | r6800_firmware | * | |
| netgear | r6800 | - | |
| netgear | r6900_firmware | * | |
| netgear | r6900 | v2 | |
| netgear | r7200_firmware | * | |
| netgear | r7200 | - | |
| netgear | r7350_firmware | * | |
| netgear | r7350 | - | |
| netgear | r7400_firmware | * | |
| netgear | r7400 | - | |
| netgear | r7450_firmware | * | |
| netgear | r7450 | - | |
| netgear | r6220_firmware | * | |
| netgear | r6220 | - | |
| netgear | r6230_firmware | * | |
| netgear | r6230 | - | |
| netgear | r6260_firmware | * | |
| netgear | r6260 | - | |
| netgear | r6330_firmware | * | |
| netgear | r6330 | - | |
| netgear | r6350_firmware | * | |
| netgear | r6350 | - | |
| netgear | r6850_firmware | * | |
| netgear | r6850 | - | |
| netgear | r6120_firmware | * | |
| netgear | r6120 | - | |
| netgear | r6020_firmware | * | |
| netgear | r6020 | - | |
| netgear | r6080_firmware | * | |
| netgear | r6080 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB0B236-6BC6-4E99-8792-6B01BD591D3A",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B01C772-D1D4-41F1-A33D-72A6A672502A",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B25A18F-DD96-45FE-B098-71E60CB0FFFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA359610-21DC-41C4-9430-8406B34490EB",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFCD9A8-1846-48C4-9F14-3866E983FB74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0FCF958-2F6A-4B79-B307-2FE23B7CE8FC",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9706E6-CA53-43E4-91B0-D52655C86860",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA434604-4916-4830-A96B-CEC0C8E5A1A0",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9457F1-F5E8-43CA-8697-3849E140B0CC",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E8EB69B-6619-47B6-A073-D0B840D4EB0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D95583A-EC79-41FF-9496-DAB19A1A34DB",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECB83F9-D417-4FD3-B293-87BC177E3AEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53B1B947-2E36-463C-848F-C5F5C0A5ECAF",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1A65C-F10F-4C52-8B6D-69992E512EB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A188F6E-5296-4511-97F2-9328B1E1F6CF",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33043216-4563-4195-88D7-93446302ECD1",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E662BF37-5D81-4B9F-898E-F91B09821555",
"versionEndExcluding": "1.1.0.104",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD4B6F1-E58F-4B96-BF51-729F59FA1C8B",
"versionEndExcluding": "1.1.0.104",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C91CADFA-59DB-4B6C-A914-848884F4A4BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33824B9B-1224-484A-AFF4-953573F299C6",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA2E978-FFF7-470D-90BA-4DBDC009B076",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D621D26D-B144-424A-A9CB-19488399ACC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AE3CE4-23B0-467E-B522-A211048D6AF3",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B302909-29CF-4E53-9CCB-8664D3FCB03A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "612DAD20-761D-41D5-A6AB-AA9975847D34",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B373C515-681A-4D80-9BFD-5E2DFD6F2DF0",
"versionEndExcluding": "1.0.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2CCD-424F-41D5-919B-E22B9FA68D36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC58A4B-E061-49ED-BB2D-E0497846DBEE",
"versionEndExcluding": "1.0.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DDA7ABF-4C4B-4945-993A-F93BD8FCB55E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9D1B97-7FF8-45D9-BFD6-72554BBB6008",
"versionEndExcluding": "1.0.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEB5C49-53CF-44AE-9A7D-E7E6201BFE62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653."
},
{
"lang": "es",
"value": "Esta vulnerabilidad permite a los atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de los routers NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100 y Nighthawk AC2400. Aunque la autenticaci\u00f3n es necesaria para explotar esta vulnerabilidad, el mecanismo de autenticaci\u00f3n existente puede ser evitado. El fallo espec\u00edfico existe en el servicio mini_httpd, que escucha en el puerto TCP 80 por defecto. Al analizar el par\u00e1metro funjsq_access_token, el proceso no valida correctamente una cadena suministrada por el usuario antes de utilizarla para ejecutar una llamada al sistema. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de root. Era ZDI-CAN-11653"
}
],
"id": "CVE-2020-27867",
"lastModified": "2024-11-21T05:21:57.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-12T00:15:12.970",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1423/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1423/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | ac2100_firmware | * | |
| netgear | ac2100 | - | |
| netgear | ac2400_firmware | * | |
| netgear | ac2400 | - | |
| netgear | ac2600_firmware | * | |
| netgear | ac2600 | - | |
| netgear | r6220_firmware | * | |
| netgear | r6220 | - | |
| netgear | r6230_firmware | * | |
| netgear | r6230 | - | |
| netgear | r6260_firmware | * | |
| netgear | r6260 | - | |
| netgear | r6330_firmware | * | |
| netgear | r6330 | - | |
| netgear | r6350_firmware | * | |
| netgear | r6350 | - | |
| netgear | r6700v2_firmware | * | |
| netgear | r6700v2 | - | |
| netgear | r6800_firmware | * | |
| netgear | r6800 | - | |
| netgear | r6850_firmware | * | |
| netgear | r6850 | - | |
| netgear | r6900v2_firmware | * | |
| netgear | r6900v2 | - | |
| netgear | r7200_firmware | * | |
| netgear | r7200 | - | |
| netgear | r7350_firmware | * | |
| netgear | r7350 | - | |
| netgear | r7400_firmware | * | |
| netgear | r7400 | - | |
| netgear | r7450_firmware | * | |
| netgear | r7450 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45F7CAB5-C621-4BE5-A1A0-067D3A6782DE",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC90E98D-970F-405E-BD0F-87C569F3235E",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B25A18F-DD96-45FE-B098-71E60CB0FFFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F716D30E-8A2C-4C99-951A-6AF94F467DBB",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFCD9A8-1846-48C4-9F14-3866E983FB74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "894177B3-FEFC-450C-AB87-BAE985769719",
"versionEndExcluding": "1.1.0.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB2CDDD-4C4A-48CC-A6E6-03561C928F71",
"versionEndExcluding": "1.1.0.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C91CADFA-59DB-4B6C-A914-848884F4A4BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A194A033-7DAD-470E-B07B-050B4761C3C5",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9652293-61FB-40DA-8C34-F347552D4CA6",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D621D26D-B144-424A-A9CB-19488399ACC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38890775-308B-49B6-A3B7-A7EE4C4CB696",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B302909-29CF-4E53-9CCB-8664D3FCB03A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A211653B-5485-41F5-9873-E610FEBB59E8",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9793286-86D2-43BF-B9B8-823C05BCAE4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3D3DAA9-7067-4BB1-B7C8-46127F427F2C",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7CC681-B1DB-469F-A62F-EA3E3A00C1F3",
"versionEndExcluding": "1.1.0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13331B0F-038B-4652-A986-A2CE7E5C8144",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FC6398-60A5-4003-A294-C96AE6DBCED5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E65B4BD2-D7DE-4F0C-998A-29B3A237B81D",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECB83F9-D417-4FD3-B293-87BC177E3AEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9A326D3-C31E-4722-A7D5-593371D90538",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1A65C-F10F-4C52-8B6D-69992E512EB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "413E21F8-0C60-4F94-9FAD-D71C14C1A30E",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35E5B11C-0BD8-44AC-8B49-6BA6F3DD9D9D",
"versionEndExcluding": "1.2.0.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una configuraci\u00f3n incorrecta de los ajustes de seguridad. Esto afecta a los dispositivos AC2100 versiones anteriores a 1.2.0.88, AC2400 versiones anteriores a 1.2.0.88, AC2600 versiones anteriores a 1.2.0.88, R6220 versiones anteriores a 1.1.0.110, R6230 versiones anteriores a 1.1.0.110, R6260 versiones anteriores a 1.1.0.84, R6330 versiones anteriores a 1.1.0.84, R6350 versiones anteriores a 1.1. 0.84, R6700v2 versiones anteriores a 1.2.0.88, R6800 versiones anteriores a 1.2.0.88, R6850 versiones anteriores a 1.1.0.84, R6900v2 versiones anteriores a 1.2.0.88, R7200 versiones anteriores a 1.2.0.88, R7350 versiones anteriores a 1.2.0.88, R7400 versiones anteriores a 1.2.0.88 y R7450 versiones anteriores a 1.2.0.88"
}
],
"id": "CVE-2021-45644",
"lastModified": "2024-11-21T06:32:45.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-26T01:15:19.827",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064162/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2021-0046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064162/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2021-0046"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-04 17:15
Modified
2024-11-21 05:21
Severity ?
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | ac2100_firmware | * | |
| netgear | ac2100 | - | |
| netgear | ac2400_firmware | * | |
| netgear | ac2400 | - | |
| netgear | ac2600_firmware | * | |
| netgear | ac2600 | - | |
| netgear | r6700_firmware | * | |
| netgear | r6700 | v2 | |
| netgear | r6800_firmware | * | |
| netgear | r6800 | - | |
| netgear | r6900_firmware | * | |
| netgear | r6900 | v2 | |
| netgear | r7200_firmware | * | |
| netgear | r7200 | - | |
| netgear | r7350_firmware | * | |
| netgear | r7350 | - | |
| netgear | r7400_firmware | * | |
| netgear | r7400 | - | |
| netgear | r7450_firmware | * | |
| netgear | r7450 | - | |
| netgear | r6220_firmware | * | |
| netgear | r6220 | - | |
| netgear | r6230_firmware | * | |
| netgear | r6230 | - | |
| netgear | r6260_firmware | * | |
| netgear | r6260 | - | |
| netgear | r6330_firmware | * | |
| netgear | r6330 | - | |
| netgear | r6350_firmware | * | |
| netgear | r6350 | - | |
| netgear | r6850_firmware | * | |
| netgear | r6850 | - | |
| netgear | r6120_firmware | * | |
| netgear | r6120 | - | |
| netgear | r6020_firmware | * | |
| netgear | r6020 | - | |
| netgear | r6080_firmware | * | |
| netgear | r6080 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB0B236-6BC6-4E99-8792-6B01BD591D3A",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B01C772-D1D4-41F1-A33D-72A6A672502A",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B25A18F-DD96-45FE-B098-71E60CB0FFFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA359610-21DC-41C4-9430-8406B34490EB",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFCD9A8-1846-48C4-9F14-3866E983FB74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0FCF958-2F6A-4B79-B307-2FE23B7CE8FC",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9706E6-CA53-43E4-91B0-D52655C86860",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA434604-4916-4830-A96B-CEC0C8E5A1A0",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9457F1-F5E8-43CA-8697-3849E140B0CC",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E8EB69B-6619-47B6-A073-D0B840D4EB0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D95583A-EC79-41FF-9496-DAB19A1A34DB",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECB83F9-D417-4FD3-B293-87BC177E3AEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53B1B947-2E36-463C-848F-C5F5C0A5ECAF",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1A65C-F10F-4C52-8B6D-69992E512EB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A188F6E-5296-4511-97F2-9328B1E1F6CF",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33043216-4563-4195-88D7-93446302ECD1",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E662BF37-5D81-4B9F-898E-F91B09821555",
"versionEndExcluding": "1.1.0.104",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD4B6F1-E58F-4B96-BF51-729F59FA1C8B",
"versionEndExcluding": "1.1.0.104",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C91CADFA-59DB-4B6C-A914-848884F4A4BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33824B9B-1224-484A-AFF4-953573F299C6",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA2E978-FFF7-470D-90BA-4DBDC009B076",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D621D26D-B144-424A-A9CB-19488399ACC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AE3CE4-23B0-467E-B522-A211048D6AF3",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B302909-29CF-4E53-9CCB-8664D3FCB03A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "612DAD20-761D-41D5-A6AB-AA9975847D34",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B373C515-681A-4D80-9BFD-5E2DFD6F2DF0",
"versionEndExcluding": "1.0.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2CCD-424F-41D5-919B-E22B9FA68D36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC58A4B-E061-49ED-BB2D-E0497846DBEE",
"versionEndExcluding": "1.0.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DDA7ABF-4C4B-4945-993A-F93BD8FCB55E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9D1B97-7FF8-45D9-BFD6-72554BBB6008",
"versionEndExcluding": "1.0.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEB5C49-53CF-44AE-9A7D-E7E6201BFE62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365."
},
{
"lang": "es",
"value": "Esta vulnerabilidad permite a atacantes adyacentes a la red omitir la autenticaci\u00f3n en las instalaciones afectadas de los enrutadores NETGEAR R7450 versi\u00f3n 1.2.0.62_1.0.1.\u0026#xa0;No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad.\u0026#xa0;El fallo espec\u00edfico se presenta dentro del servicio mini_httpd, que escucha en el puerto TCP 80 por defecto.\u0026#xa0;El problema resulta de un seguimiento inapropiado del estado en el proceso de recuperaci\u00f3n de la contrase\u00f1a.\u0026#xa0;Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo en el contexto root.\u0026#xa0;Fue ZDI-CAN-11365"
}
],
"id": "CVE-2020-27872",
"lastModified": "2024-11-21T05:21:58.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-04T17:15:13.293",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-071/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-071/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-642"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-13 17:15
Modified
2024-11-21 05:08
Severity ?
Summary
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10754.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://kb.netgear.com/000062304/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2020-0258 | Patch, Vendor Advisory | |
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-20-1176/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.netgear.com/000062304/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2020-0258 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-20-1176/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | r6020_firmware | * | |
| netgear | r6020 | - | |
| netgear | r6080_firmware | * | |
| netgear | r6080 | - | |
| netgear | r6120_firmware | * | |
| netgear | r6120 | - | |
| netgear | r6220_firmware | * | |
| netgear | r6220 | - | |
| netgear | r6230_firmware | * | |
| netgear | r6230 | - | |
| netgear | r6260_firmware | * | |
| netgear | r6260 | - | |
| netgear | r6330_firmware | * | |
| netgear | r6330 | - | |
| netgear | r6350_firmware | * | |
| netgear | r6350 | - | |
| netgear | r6850_firmware | * | |
| netgear | r6850 | - | |
| netgear | jnr3210_firmware | - | |
| netgear | jnr3210 | - | |
| netgear | wnr2020_firmware | - | |
| netgear | wnr2020 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1194304-4B9E-418B-90B5-D8125AB07049",
"versionEndExcluding": "1.0.0.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DDA7ABF-4C4B-4945-993A-F93BD8FCB55E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "731CB26A-38C7-4CE0-9F48-0CBC4FE59800",
"versionEndExcluding": "1.0.0.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEB5C49-53CF-44AE-9A7D-E7E6201BFE62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F898DC9-9250-47DF-844C-F7308365135B",
"versionEndExcluding": "1.0.0.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2CCD-424F-41D5-919B-E22B9FA68D36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79B24229-6AC2-489D-B542-4DAA7E630180",
"versionEndExcluding": "1.1.0.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B5B842D-2275-4968-997B-A70A67CBDBEC",
"versionEndExcluding": "1.1.0.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C91CADFA-59DB-4B6C-A914-848884F4A4BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23D4F7E6-C042-434E-87B8-55DB18B08B0A",
"versionEndExcluding": "1.1.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6524B85E-23AC-4983-8331-96E12899B773",
"versionEndExcluding": "1.1.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D621D26D-B144-424A-A9CB-19488399ACC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F105F6F-ECD3-411D-924E-94BCF036C1EA",
"versionEndExcluding": "1.1.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B302909-29CF-4E53-9CCB-8664D3FCB03A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3408536D-FC77-48C5-AD15-C5A170D7417C",
"versionEndExcluding": "1.1.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jnr3210_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79F5CFE2-19F3-4A52-93D9-FFC092C774B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jnr3210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64C02F2D-ED67-411A-AB68-F0AD0DB6C0D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2020_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9E56E01-D7C9-4E5A-B6AC-45293C063ABC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2189628-03E7-445A-9EF2-656A85539115",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10754."
},
{
"lang": "es",
"value": "Esta vulnerabilidad permite a atacantes adyacentes a la red divulgar informaci\u00f3n confidencial sobre las instalaciones afectadas de los enrutadores NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210 y WNR2020 con versiones de firmware 1.0.66.\u0026#xa0;No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad.\u0026#xa0;El fallo espec\u00edfico se presenta dentro del servicio mini_httpd, que escucha en el puerto TCP 80 por defecto.\u0026#xa0;El problema resulta de una l\u00f3gica de coincidencia de cadenas incorrecta cuando se accede a p\u00e1ginas protegidas.\u0026#xa0;Un atacante puede aprovechar esta vulnerabilidad para revelar las credenciales almacenadas, conllevando a un mayor compromiso.\u0026#xa0;Fue ZDI-CAN-10754"
}
],
"id": "CVE-2020-17409",
"lastModified": "2024-11-21T05:08:02.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-13T17:15:13.777",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062304/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2020-0258"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1176/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062304/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2020-0258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1176/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-12 00:15
Modified
2024-11-21 05:21
Severity ?
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | ac2100_firmware | * | |
| netgear | ac2100 | - | |
| netgear | ac2400_firmware | * | |
| netgear | ac2400 | - | |
| netgear | ac2600_firmware | * | |
| netgear | ac2600 | - | |
| netgear | r6700_firmware | * | |
| netgear | r6700 | v2 | |
| netgear | r6800_firmware | * | |
| netgear | r6800 | - | |
| netgear | r6900_firmware | * | |
| netgear | r6900 | v2 | |
| netgear | r7200_firmware | * | |
| netgear | r7200 | - | |
| netgear | r7350_firmware | * | |
| netgear | r7350 | - | |
| netgear | r7400_firmware | * | |
| netgear | r7400 | - | |
| netgear | r7450_firmware | * | |
| netgear | r7450 | - | |
| netgear | r6220_firmware | * | |
| netgear | r6220 | - | |
| netgear | r6230_firmware | * | |
| netgear | r6230 | - | |
| netgear | r6260_firmware | * | |
| netgear | r6260 | - | |
| netgear | r6330_firmware | * | |
| netgear | r6330 | - | |
| netgear | r6350_firmware | * | |
| netgear | r6350 | - | |
| netgear | r6850_firmware | * | |
| netgear | r6850 | - | |
| netgear | r6120_firmware | * | |
| netgear | r6120 | - | |
| netgear | r6020_firmware | * | |
| netgear | r6020 | - | |
| netgear | r6080_firmware | * | |
| netgear | r6080 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB0B236-6BC6-4E99-8792-6B01BD591D3A",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B01C772-D1D4-41F1-A33D-72A6A672502A",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B25A18F-DD96-45FE-B098-71E60CB0FFFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA359610-21DC-41C4-9430-8406B34490EB",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFCD9A8-1846-48C4-9F14-3866E983FB74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0FCF958-2F6A-4B79-B307-2FE23B7CE8FC",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9706E6-CA53-43E4-91B0-D52655C86860",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA434604-4916-4830-A96B-CEC0C8E5A1A0",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9457F1-F5E8-43CA-8697-3849E140B0CC",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E8EB69B-6619-47B6-A073-D0B840D4EB0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D95583A-EC79-41FF-9496-DAB19A1A34DB",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECB83F9-D417-4FD3-B293-87BC177E3AEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53B1B947-2E36-463C-848F-C5F5C0A5ECAF",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1A65C-F10F-4C52-8B6D-69992E512EB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A188F6E-5296-4511-97F2-9328B1E1F6CF",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33043216-4563-4195-88D7-93446302ECD1",
"versionEndExcluding": "1.2.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E662BF37-5D81-4B9F-898E-F91B09821555",
"versionEndExcluding": "1.1.0.104",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD4B6F1-E58F-4B96-BF51-729F59FA1C8B",
"versionEndExcluding": "1.1.0.104",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C91CADFA-59DB-4B6C-A914-848884F4A4BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33824B9B-1224-484A-AFF4-953573F299C6",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA2E978-FFF7-470D-90BA-4DBDC009B076",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D621D26D-B144-424A-A9CB-19488399ACC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AE3CE4-23B0-467E-B522-A211048D6AF3",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B302909-29CF-4E53-9CCB-8664D3FCB03A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "612DAD20-761D-41D5-A6AB-AA9975847D34",
"versionEndExcluding": "1.1.0.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B373C515-681A-4D80-9BFD-5E2DFD6F2DF0",
"versionEndExcluding": "1.0.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2CCD-424F-41D5-919B-E22B9FA68D36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC58A4B-E061-49ED-BB2D-E0497846DBEE",
"versionEndExcluding": "1.0.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DDA7ABF-4C4B-4945-993A-F93BD8FCB55E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9D1B97-7FF8-45D9-BFD6-72554BBB6008",
"versionEndExcluding": "1.0.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEB5C49-53CF-44AE-9A7D-E7E6201BFE62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355."
},
{
"lang": "es",
"value": "Esta vulnerabilidad permite a los atacantes adyacentes a la red saltarse la autenticaci\u00f3n en las instalaciones afectadas de los routers NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100 y Nighthawk AC2400. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. El fallo espec\u00edfico existe en el servicio mini_httpd, que escucha en el puerto TCP 80 por defecto. El problema se debe a una l\u00f3gica incorrecta de coincidencia de cadenas al acceder a p\u00e1ginas protegidas. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo en el contexto de root. Era ZDI-CAN-11355"
}
],
"id": "CVE-2020-27866",
"lastModified": "2024-11-21T05:21:57.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-12T00:15:12.877",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1451/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1451/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2021-38537
Vulnerability from cvelistv5
Published
2021-08-10 23:59
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000063775/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0245"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:N/C:L/I:L/PR:H/S:C/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T23:59:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000063775/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0245"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:N/C:L/I:L/PR:H/S:C/UI:R",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000063775/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0245",
"refsource": "MISC",
"url": "https://kb.netgear.com/000063775/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0245"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38537",
"datePublished": "2021-08-10T23:59:03",
"dateReserved": "2021-08-10T00:00:00",
"dateUpdated": "2024-08-04T01:44:23.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-27867
Vulnerability from cvelistv5
Published
2021-02-11 23:35
Modified
2024-08-04 16:25
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-1423/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NETGEAR | Multiple Routers |
Version: firmware version 1.2.0.62_1.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:43.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1423/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple Routers",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware version 1.2.0.62_1.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "1sd3d"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-12T13:57:49",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1423/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-27867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Multiple Routers",
"version": {
"version_data": [
{
"version_value": "firmware version 1.2.0.62_1.0.1"
}
]
}
}
]
},
"vendor_name": "NETGEAR"
}
]
}
},
"credit": "1sd3d",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers",
"refsource": "MISC",
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1423/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1423/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2020-27867",
"datePublished": "2021-02-11T23:35:40",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-08-04T16:25:43.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-38536
Vulnerability from cvelistv5
Published
2021-08-10 23:59
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:22.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000063774/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0193"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T23:59:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000063774/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0193"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:R",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000063774/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0193",
"refsource": "MISC",
"url": "https://kb.netgear.com/000063774/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0193"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38536",
"datePublished": "2021-08-10T23:59:11",
"dateReserved": "2021-08-10T00:00:00",
"dateUpdated": "2024-08-04T01:44:22.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-27873
Vulnerability from cvelistv5
Published
2021-02-04 16:45
Modified
2024-08-04 16:25
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-072/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:43.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-072/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "R7450",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "1.2.0.62_1.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "1sd3d of Viettel Cyber Security"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T16:45:18",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-072/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-27873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "R7450",
"version": {
"version_data": [
{
"version_value": "1.2.0.62_1.0.1"
}
]
}
}
]
},
"vendor_name": "NETGEAR"
}
]
}
},
"credit": "1sd3d of Viettel Cyber Security",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers",
"refsource": "MISC",
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-072/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-072/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2020-27873",
"datePublished": "2021-02-04T16:45:18",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-08-04T16:25:43.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-29068
Vulnerability from cvelistv5
Published
2021-03-23 06:57
Modified
2024-08-03 21:55
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400 before 1.5.0.48, R6400 before 1.0.1.62, R6700 before 1.0.2.16, R6900 before 1.0.2.16, MK60 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, CBR40 before 2.5.0.10, R8000P before 1.4.1.62, R7960P before 1.4.1.62, R7900P before 1.4.1.62, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, EX7500 before 1.0.0.68, EAX80 before 1.0.1.62, EAX20 before 1.0.0.36, RBK752 before 3.2.16.6, RBK753 before 3.2.16.6, RBK753S before 3.2.16.6, RBK754 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBK853 before 3.2.16.6, RBK854 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6850 before 1.1.0.76, R6350 before 1.1.0.76, R6330 before 1.1.0.76, D7800 before 1.0.1.58, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK23 before 2.6.1.36, RBR20 before 2.6.1.38, RBS20 before 2.6.1.38, RBK12 before 2.6.1.44, RBK13 before 2.6.1.44, RBK14 before 2.6.1.44, RBK15 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, R6800 before 1.2.0.72, R6900v2 before 1.2.0.72, R6700v2 before 1.2.0.72, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, R7800 before 1.0.2.74, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.34, and XR300 before 1.0.3.50.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:12.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000063021/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400 before 1.5.0.48, R6400 before 1.0.1.62, R6700 before 1.0.2.16, R6900 before 1.0.2.16, MK60 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, CBR40 before 2.5.0.10, R8000P before 1.4.1.62, R7960P before 1.4.1.62, R7900P before 1.4.1.62, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, EX7500 before 1.0.0.68, EAX80 before 1.0.1.62, EAX20 before 1.0.0.36, RBK752 before 3.2.16.6, RBK753 before 3.2.16.6, RBK753S before 3.2.16.6, RBK754 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBK853 before 3.2.16.6, RBK854 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6850 before 1.1.0.76, R6350 before 1.1.0.76, R6330 before 1.1.0.76, D7800 before 1.0.1.58, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK23 before 2.6.1.36, RBR20 before 2.6.1.38, RBS20 before 2.6.1.38, RBK12 before 2.6.1.44, RBK13 before 2.6.1.44, RBK14 before 2.6.1.44, RBK15 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, R6800 before 1.2.0.72, R6900v2 before 1.2.0.72, R6700v2 before 1.2.0.72, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, R7800 before 1.0.2.74, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.34, and XR300 before 1.0.3.50."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T07:04:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000063021/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0155"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400 before 1.5.0.48, R6400 before 1.0.1.62, R6700 before 1.0.2.16, R6900 before 1.0.2.16, MK60 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, CBR40 before 2.5.0.10, R8000P before 1.4.1.62, R7960P before 1.4.1.62, R7900P before 1.4.1.62, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, EX7500 before 1.0.0.68, EAX80 before 1.0.1.62, EAX20 before 1.0.0.36, RBK752 before 3.2.16.6, RBK753 before 3.2.16.6, RBK753S before 3.2.16.6, RBK754 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBK853 before 3.2.16.6, RBK854 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6850 before 1.1.0.76, R6350 before 1.1.0.76, R6330 before 1.1.0.76, D7800 before 1.0.1.58, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK23 before 2.6.1.36, RBR20 before 2.6.1.38, RBS20 before 2.6.1.38, RBK12 before 2.6.1.44, RBK13 before 2.6.1.44, RBK14 before 2.6.1.44, RBK15 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, R6800 before 1.2.0.72, R6900v2 before 1.2.0.72, R6700v2 before 1.2.0.72, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, R7800 before 1.0.2.74, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.34, and XR300 before 1.0.3.50."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000063021/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0155",
"refsource": "MISC",
"url": "https://kb.netgear.com/000063021/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0155"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-29068",
"datePublished": "2021-03-23T06:57:00",
"dateReserved": "2021-03-23T00:00:00",
"dateUpdated": "2024-08-03T21:55:12.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45672
Vulnerability from cvelistv5
Published
2021-12-26 00:24
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by Stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:47:02.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000064075/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2019-0244"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by Stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:N/C:L/I:L/PR:H/S:C/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T00:24:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000064075/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2019-0244"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by Stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:N/C:L/I:L/PR:H/S:C/UI:R",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000064075/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2019-0244",
"refsource": "MISC",
"url": "https://kb.netgear.com/000064075/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2019-0244"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45672",
"datePublished": "2021-12-26T00:24:54",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:47:02.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45675
Vulnerability from cvelistv5
Published
2021-12-26 00:24
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6700v2 before 1.2.0.76, R6900v2 before 1.2.0.76, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, and AC2600 before 1.2.0.76.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:47:01.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000064116/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0128"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by stored XSS. This affects R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6700v2 before 1.2.0.76, R6900v2 before 1.2.0.76, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, and AC2600 before 1.2.0.76."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:H/AV:L/A:N/C:H/I:L/PR:H/S:C/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T00:24:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000064116/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0128"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by stored XSS. This affects R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6700v2 before 1.2.0.76, R6900v2 before 1.2.0.76, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, and AC2600 before 1.2.0.76."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:H/AV:L/A:N/C:H/I:L/PR:H/S:C/UI:R",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000064116/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0128",
"refsource": "MISC",
"url": "https://kb.netgear.com/000064116/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0128"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45675",
"datePublished": "2021-12-26T00:24:03",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:47:01.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-38535
Vulnerability from cvelistv5
Published
2021-08-10 23:59
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000063773/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0192"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T23:59:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000063773/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0192"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:R",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000063773/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0192",
"refsource": "MISC",
"url": "https://kb.netgear.com/000063773/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0192"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38535",
"datePublished": "2021-08-10T23:59:23",
"dateReserved": "2021-08-10T00:00:00",
"dateUpdated": "2024-08-04T01:44:23.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-17409
Vulnerability from cvelistv5
Published
2020-10-13 17:10
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10754.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-20-1176/ | x_refsource_MISC | |
| https://kb.netgear.com/000062304/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2020-0258 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NETGEAR | Multiple Routers |
Version: 1.0.66 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:53:17.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1176/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000062304/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2020-0258"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple Routers",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "1.0.66"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anonymous"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10754."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-13T17:10:43",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1176/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000062304/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2020-0258"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-17409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Multiple Routers",
"version": {
"version_data": [
{
"version_value": "1.0.66"
}
]
}
}
]
},
"vendor_name": "NETGEAR"
}
]
}
},
"credit": "Anonymous",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10754."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1176/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1176/"
},
{
"name": "https://kb.netgear.com/000062304/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2020-0258",
"refsource": "MISC",
"url": "https://kb.netgear.com/000062304/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2020-0258"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2020-17409",
"datePublished": "2020-10-13T17:10:43",
"dateReserved": "2020-08-07T00:00:00",
"dateUpdated": "2024-08-04T13:53:17.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45534
Vulnerability from cvelistv5
Published
2021-12-26 00:55
Modified
2024-08-04 04:39
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, D7000 before 1.0.1.82, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:39:21.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000064406/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-DSL-Modem-Routers-PSV-2021-0172"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, D7000 before 1.0.1.82, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T00:55:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000064406/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-DSL-Modem-Routers-PSV-2021-0172"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, D7000 before 1.0.1.82, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000064406/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-DSL-Modem-Routers-PSV-2021-0172",
"refsource": "MISC",
"url": "https://kb.netgear.com/000064406/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-DSL-Modem-Routers-PSV-2021-0172"
},
{
"name": "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/",
"refsource": "MISC",
"url": "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45534",
"datePublished": "2021-12-26T00:55:01",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:39:21.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35800
Vulnerability from cvelistv5
Published
2020-12-29 23:29
Modified
2024-08-04 17:09
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D7800 before 1.0.3.48, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, DM200 before 1.0.0.66, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX2700 before 1.0.1.58, EX3110 before 1.0.1.68, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100v2 before 1.0.1.94, EX6110 before 1.0.1.68, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150v1 before 1.0.0.46, EX6150v2 before 1.0.1.94, EX6200v1 before 1.0.3.94, EX6250 before 1.0.0.128, EX6400 before 1.0.2.152, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7300 before 1.0.2.152, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, EX7500 before 1.0.0.68, EX7700 before 1.0.0.210, EX8000 before 1.0.1.224, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.42, R6260 before 1.1.0.76, R6300v2 before 1.0.4.42, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400v1 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v1 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900 before 1.0.2.16, R6900P before 1.3.2.124, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7500v2 before 1.0.3.48, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.5.24, RAX35 before 1.0.3.80, RAX40 before 1.0.3.80, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.38, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.5.1.6, RBS40V-200 before 1.0.0.46, RBS50Y before 2.6.1.40, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3000RPv3 before 1.0.2.86, WN3500RPv1 before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:15.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000062733/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0112"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D7800 before 1.0.3.48, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, DM200 before 1.0.0.66, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX2700 before 1.0.1.58, EX3110 before 1.0.1.68, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100v2 before 1.0.1.94, EX6110 before 1.0.1.68, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150v1 before 1.0.0.46, EX6150v2 before 1.0.1.94, EX6200v1 before 1.0.3.94, EX6250 before 1.0.0.128, EX6400 before 1.0.2.152, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7300 before 1.0.2.152, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, EX7500 before 1.0.0.68, EX7700 before 1.0.0.210, EX8000 before 1.0.1.224, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.42, R6260 before 1.1.0.76, R6300v2 before 1.0.4.42, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400v1 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v1 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900 before 1.0.2.16, R6900P before 1.3.2.124, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7500v2 before 1.0.3.48, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.5.24, RAX35 before 1.0.3.80, RAX40 before 1.0.3.80, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.38, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.5.1.6, RBS40V-200 before 1.0.0.46, RBS50Y before 2.6.1.40, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3000RPv3 before 1.0.2.86, WN3500RPv1 before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-29T23:29:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000062733/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0112"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D7800 before 1.0.3.48, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, DM200 before 1.0.0.66, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX2700 before 1.0.1.58, EX3110 before 1.0.1.68, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100v2 before 1.0.1.94, EX6110 before 1.0.1.68, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150v1 before 1.0.0.46, EX6150v2 before 1.0.1.94, EX6200v1 before 1.0.3.94, EX6250 before 1.0.0.128, EX6400 before 1.0.2.152, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7300 before 1.0.2.152, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, EX7500 before 1.0.0.68, EX7700 before 1.0.0.210, EX8000 before 1.0.1.224, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.42, R6260 before 1.1.0.76, R6300v2 before 1.0.4.42, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400v1 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v1 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900 before 1.0.2.16, R6900P before 1.3.2.124, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7500v2 before 1.0.3.48, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.5.24, RAX35 before 1.0.3.80, RAX40 before 1.0.3.80, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.38, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.5.1.6, RBS40V-200 before 1.0.0.46, RBS50Y before 2.6.1.40, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3000RPv3 before 1.0.2.86, WN3500RPv1 before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000062733/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0112",
"refsource": "MISC",
"url": "https://kb.netgear.com/000062733/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0112"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35800",
"datePublished": "2020-12-29T23:29:39",
"dateReserved": "2020-12-29T00:00:00",
"dateUpdated": "2024-08-04T17:09:15.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-27872
Vulnerability from cvelistv5
Published
2021-02-04 16:45
Modified
2024-08-04 16:25
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-21-071/ | x_refsource_MISC | |
| https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:43.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-071/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "R7450",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "1.2.0.62_1.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "1sd3d of Viettel Cyber Security"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-642",
"description": "CWE-642: External Control of Critical State Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T16:45:17",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-071/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-27872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "R7450",
"version": {
"version_data": [
{
"version_value": "1.2.0.62_1.0.1"
}
]
}
}
]
},
"vendor_name": "NETGEAR"
}
]
}
},
"credit": "1sd3d of Viettel Cyber Security",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-642: External Control of Critical State Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-071/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-071/"
},
{
"name": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers",
"refsource": "MISC",
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2020-27872",
"datePublished": "2021-02-04T16:45:17",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-08-04T16:25:43.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-27866
Vulnerability from cvelistv5
Published
2021-02-11 23:35
Modified
2024-08-04 16:25
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-1451/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NETGEAR | Multiple Routers |
Version: firmware version 1.2.0.62_1.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:43.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1451/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple Routers",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware version 1.2.0.62_1.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "1sd3d of Viettel Cyber Security"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-12T13:57:34",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1451/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-27866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Multiple Routers",
"version": {
"version_data": [
{
"version_value": "firmware version 1.2.0.62_1.0.1"
}
]
}
}
]
},
"vendor_name": "NETGEAR"
}
]
}
},
"credit": "1sd3d of Viettel Cyber Security",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers",
"refsource": "MISC",
"url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1451/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1451/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2020-27866",
"datePublished": "2021-02-11T23:35:39",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-08-04T16:25:43.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-38516
Vulnerability from cvelistv5
Published
2021-08-11 00:03
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 before 1.0.0.108, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.40, R6850 before 1.1.0.40, R6350 before 1.1.0.40, R6400v2 before 1.0.2.62, R6700v3 before 1.0.2.62, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7000 before 1.0.9.34, R6900P before 1.3.1.44, R7000P before 1.3.1.44, R7100LG before 1.0.0.48, R7200 before 1.2.0.48, R7350 before 1.2.0.48, R7400 before 1.2.0.48, R7450 before 1.2.0.36, AC2100 before 1.2.0.36, AC2400 before 1.2.0.36, AC2600 before 1.2.0.36, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, R7900 before 1.0.3.8, R7960P before 1.4.1.44, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RAX120 before 1.0.0.74, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, WNR3500Lv2 before 1.2.0.56, XR450 before 2.3.2.32, and XR500 before 2.3.2.32.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000063780/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2020-0273"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 before 1.0.0.108, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.40, R6850 before 1.1.0.40, R6350 before 1.1.0.40, R6400v2 before 1.0.2.62, R6700v3 before 1.0.2.62, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7000 before 1.0.9.34, R6900P before 1.3.1.44, R7000P before 1.3.1.44, R7100LG before 1.0.0.48, R7200 before 1.2.0.48, R7350 before 1.2.0.48, R7400 before 1.2.0.48, R7450 before 1.2.0.36, AC2100 before 1.2.0.36, AC2400 before 1.2.0.36, AC2600 before 1.2.0.36, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, R7900 before 1.0.3.8, R7960P before 1.4.1.44, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RAX120 before 1.0.0.74, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, WNR3500Lv2 before 1.2.0.56, XR450 before 2.3.2.32, and XR500 before 2.3.2.32."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-11T00:03:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000063780/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2020-0273"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 before 1.0.0.108, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.40, R6850 before 1.1.0.40, R6350 before 1.1.0.40, R6400v2 before 1.0.2.62, R6700v3 before 1.0.2.62, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7000 before 1.0.9.34, R6900P before 1.3.1.44, R7000P before 1.3.1.44, R7100LG before 1.0.0.48, R7200 before 1.2.0.48, R7350 before 1.2.0.48, R7400 before 1.2.0.48, R7450 before 1.2.0.36, AC2100 before 1.2.0.36, AC2400 before 1.2.0.36, AC2600 before 1.2.0.36, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, R7900 before 1.0.3.8, R7960P before 1.4.1.44, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RAX120 before 1.0.0.74, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, WNR3500Lv2 before 1.2.0.56, XR450 before 2.3.2.32, and XR500 before 2.3.2.32."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000063780/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2020-0273",
"refsource": "MISC",
"url": "https://kb.netgear.com/000063780/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2020-0273"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38516",
"datePublished": "2021-08-11T00:03:18",
"dateReserved": "2021-08-10T00:00:00",
"dateUpdated": "2024-08-04T01:44:23.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13245
Vulnerability from cvelistv5
Published
2020-05-28 18:06
Modified
2024-08-04 12:11
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.netgear.com/about/security/ | x_refsource_MISC | |
| https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netgear.com/about/security/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-28T18:06:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netgear.com/about/security/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netgear.com/about/security/",
"refsource": "MISC",
"url": "https://www.netgear.com/about/security/"
},
{
"name": "https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/",
"refsource": "MISC",
"url": "https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13245",
"datePublished": "2020-05-28T18:06:42",
"dateReserved": "2020-05-20T00:00:00",
"dateUpdated": "2024-08-04T12:11:19.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45644
Vulnerability from cvelistv5
Published
2021-12-26 00:30
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:47:01.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000064162/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2021-0046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T00:30:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000064162/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2021-0046"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000064162/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2021-0046",
"refsource": "MISC",
"url": "https://kb.netgear.com/000064162/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2021-0046"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45644",
"datePublished": "2021-12-26T00:30:18",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:47:01.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34865
Vulnerability from cvelistv5
Published
2022-01-25 15:30
Modified
2024-08-04 00:26
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NETGEAR | Multiple Routers |
Version: 1.2.0.76_1.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:54.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1051/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000063955/Security-Advisory-for-Authentication-Bypass-Vulnerability-on-Some-Routers-PSV-2021-0083?article=000063955"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple Routers",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "1.2.0.76_1.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "1sd3d of VCS"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-25T15:30:34",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1051/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000063955/Security-Advisory-for-Authentication-Bypass-Vulnerability-on-Some-Routers-PSV-2021-0083?article=000063955"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-34865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Multiple Routers",
"version": {
"version_data": [
{
"version_value": "1.2.0.76_1.0.1"
}
]
}
}
]
},
"vendor_name": "NETGEAR"
}
]
}
},
"credit": "1sd3d of VCS",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1051/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1051/"
},
{
"name": "https://kb.netgear.com/000063955/Security-Advisory-for-Authentication-Bypass-Vulnerability-on-Some-Routers-PSV-2021-0083?article=000063955",
"refsource": "MISC",
"url": "https://kb.netgear.com/000063955/Security-Advisory-for-Authentication-Bypass-Vulnerability-on-Some-Routers-PSV-2021-0083?article=000063955"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34865",
"datePublished": "2022-01-25T15:30:34",
"dateReserved": "2021-06-17T00:00:00",
"dateUpdated": "2024-08-04T00:26:54.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35795
Vulnerability from cvelistv5
Published
2020-12-29 23:29
Modified
2024-08-04 17:09
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D7800 before 1.0.1.58, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RS400 before 1.5.0.48, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:15.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000062735/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D7800 before 1.0.1.58, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RS400 before 1.5.0.48, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-29T23:29:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000062735/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D7800 before 1.0.1.58, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RS400 before 1.5.0.48, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000062735/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0154",
"refsource": "MISC",
"url": "https://kb.netgear.com/000062735/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35795",
"datePublished": "2020-12-29T23:29:56",
"dateReserved": "2020-12-29T00:00:00",
"dateUpdated": "2024-08-04T17:09:15.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45501
Vulnerability from cvelistv5
Published
2021-12-26 01:03
Modified
2024-08-04 04:39
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 before 1.1.0.84, D7000 before 1.0.1.82, R6020 before 1.0.0.52, R6080 before 1.0.0.52, R6120 before 1.0.0.80, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.1.0.84, R6800 before 1.1.0.84, R6850 before 1.1.0.84, R6900v2 before 1.1.0.84, R7200 before 1.1.0.84, R7350 before 1.1.0.84, R7400 before 1.1.0.84, and R7450 before 1.1.0.84.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:39:21.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000064532/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2021-0154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 before 1.1.0.84, D7000 before 1.0.1.82, R6020 before 1.0.0.52, R6080 before 1.0.0.52, R6120 before 1.0.0.80, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.1.0.84, R6800 before 1.1.0.84, R6850 before 1.1.0.84, R6900v2 before 1.1.0.84, R7200 before 1.1.0.84, R7350 before 1.1.0.84, R7400 before 1.1.0.84, and R7450 before 1.1.0.84."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T01:03:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000064532/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2021-0154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 before 1.1.0.84, D7000 before 1.0.1.82, R6020 before 1.0.0.52, R6080 before 1.0.0.52, R6120 before 1.0.0.80, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.1.0.84, R6800 before 1.1.0.84, R6850 before 1.1.0.84, R6900v2 before 1.1.0.84, R7200 before 1.1.0.84, R7350 before 1.1.0.84, R7400 before 1.1.0.84, and R7450 before 1.1.0.84."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000064532/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2021-0154",
"refsource": "MISC",
"url": "https://kb.netgear.com/000064532/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2021-0154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45501",
"datePublished": "2021-12-26T01:03:14",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:39:21.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45511
Vulnerability from cvelistv5
Published
2021-12-26 01:01
Modified
2024-08-04 04:39
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before 2021-08-27, R6330 before 2021-08-27, R6350 before 2021-08-27, R6700v2 before 2021-08-27, R6800 before 2021-08-27, R6850 before 2021-08-27, R6900v2 before 2021-08-27, R7200 before 2021-08-27, R7350 before 2021-08-27, R7400 before 2021-08-27, and R7450 before 2021-08-27.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:39:21.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000063961/Security-Advisory-for-Authentication-Bypass-Vulnerability-on-the-D7000-and-Some-Routers-PSV-2021-0133"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before 2021-08-27, R6330 before 2021-08-27, R6350 before 2021-08-27, R6700v2 before 2021-08-27, R6800 before 2021-08-27, R6850 before 2021-08-27, R6900v2 before 2021-08-27, R7200 before 2021-08-27, R7350 before 2021-08-27, R7400 before 2021-08-27, and R7450 before 2021-08-27."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T01:01:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000063961/Security-Advisory-for-Authentication-Bypass-Vulnerability-on-the-D7000-and-Some-Routers-PSV-2021-0133"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before 2021-08-27, R6330 before 2021-08-27, R6350 before 2021-08-27, R6700v2 before 2021-08-27, R6800 before 2021-08-27, R6850 before 2021-08-27, R6900v2 before 2021-08-27, R7200 before 2021-08-27, R7350 before 2021-08-27, R7400 before 2021-08-27, and R7450 before 2021-08-27."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000063961/Security-Advisory-for-Authentication-Bypass-Vulnerability-on-the-D7000-and-Some-Routers-PSV-2021-0133",
"refsource": "MISC",
"url": "https://kb.netgear.com/000063961/Security-Advisory-for-Authentication-Bypass-Vulnerability-on-the-D7000-and-Some-Routers-PSV-2021-0133"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45511",
"datePublished": "2021-12-26T01:01:27",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:39:21.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45647
Vulnerability from cvelistv5
Published
2021-12-26 00:29
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EAX80 before 1.0.1.62, EX7000 before 1.0.1.104, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.68, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:47:01.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000064118/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Extenders-PSV-2020-0184"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EAX80 before 1.0.1.62, EX7000 before 1.0.1.104, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.68, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:H/I:N/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T00:29:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000064118/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Extenders-PSV-2020-0184"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EAX80 before 1.0.1.62, EX7000 before 1.0.1.104, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.68, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:H/I:N/PR:N/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000064118/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Extenders-PSV-2020-0184",
"refsource": "MISC",
"url": "https://kb.netgear.com/000064118/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Extenders-PSV-2020-0184"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45647",
"datePublished": "2021-12-26T00:29:47",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:47:01.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}