Vulnerabilites related to netgear - lbr20
CVE-2022-27644 (GCVE-0-2022-27644)
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2025-02-18 17:48
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:32:59.965Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-520/", }, { tags: [ "x_transferred", ], url: "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-27644", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-18T17:48:29.884992Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-18T17:48:57.562Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "R6700v3", vendor: "NETGEAR", versions: [ { status: "affected", version: "1.0.4.120_10.0.91", }, ], }, ], credits: [ { lang: "en", value: "Kevin Denis (@0xmitsurugi) and Antide Petit (@xarkes_) from @Synacktiv", }, ], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295: Improper Certificate Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-29T00:00:00.000Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { url: "https://www.zerodayinitiative.com/advisories/ZDI-22-520/", }, { url: "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324", }, ], }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2022-27644", datePublished: "2023-03-29T00:00:00.000Z", dateReserved: "2022-03-22T00:00:00.000Z", dateUpdated: "2025-02-18T17:48:57.562Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-27253 (GCVE-0-2021-27253)
Vulnerability from cvelistv5
Published
2021-04-14 15:45
Modified
2024-08-03 20:48
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:48:16.037Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-249/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "R7800", vendor: "NETGEAR", versions: [ { status: "affected", version: "firmware version 1.0.2.76", }, ], }, ], credits: [ { lang: "en", value: "Ho\\xc3\\xa0ng Th\\xe1\\xba\\xa1ch Nguy\\xe1\\xbb\\x85n, Lucas Tay", }, ], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-14T15:45:57", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-249/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "zdi-disclosures@trendmicro.com", ID: "CVE-2021-27253", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "R7800", version: { version_data: [ { version_value: "firmware version 1.0.2.76", }, ], }, }, ], }, vendor_name: "NETGEAR", }, ], }, }, credit: "Ho\\xc3\\xa0ng Th\\xe1\\xba\\xa1ch Nguy\\xe1\\xbb\\x85n, Lucas Tay", data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303.", }, ], }, impact: { cvss: { vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-122: Heap-based Buffer Overflow", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", refsource: "MISC", url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-21-249/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-21-249/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2021-27253", datePublished: "2021-04-14T15:45:58", dateReserved: "2021-02-16T00:00:00", dateUpdated: "2024-08-03T20:48:16.037Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-27252 (GCVE-0-2021-27252)
Vulnerability from cvelistv5
Published
2021-04-14 15:45
Modified
2024-08-03 20:48
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:48:16.107Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-248/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "R7800", vendor: "NETGEAR", versions: [ { status: "affected", version: "firmware version 1.0.2.76", }, ], }, ], credits: [ { lang: "en", value: "atdog (@atdog_tw)", }, ], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-14T15:45:57", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-248/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "zdi-disclosures@trendmicro.com", ID: "CVE-2021-27252", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "R7800", version: { version_data: [ { version_value: "firmware version 1.0.2.76", }, ], }, }, ], }, vendor_name: "NETGEAR", }, ], }, }, credit: "atdog (@atdog_tw)", data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216.", }, ], }, impact: { cvss: { vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", refsource: "MISC", url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-21-248/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-21-248/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2021-27252", datePublished: "2021-04-14T15:45:57", dateReserved: "2021-02-16T00:00:00", dateUpdated: "2024-08-03T20:48:16.107Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-27254 (GCVE-0-2021-27254)
Vulnerability from cvelistv5
Published
2021-03-05 20:00
Modified
2024-08-03 20:48
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:48:15.867Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-252/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "R7800", vendor: "NETGEAR", versions: [ { status: "affected", version: "firmware version 1.0.2.76", }, ], }, ], credits: [ { lang: "en", value: "84c0", }, ], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-259", description: "CWE-259: Use of Hard-coded Password", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-05T20:00:23", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-252/", }, { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "zdi-disclosures@trendmicro.com", ID: "CVE-2021-27254", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "R7800", version: { version_data: [ { version_value: "firmware version 1.0.2.76", }, ], }, }, ], }, vendor_name: "NETGEAR", }, ], }, }, credit: "84c0", data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.", }, ], }, impact: { cvss: { vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-259: Use of Hard-coded Password", }, ], }, ], }, references: { reference_data: [ { name: "https://www.zerodayinitiative.com/advisories/ZDI-21-252/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-21-252/", }, { name: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", refsource: "MISC", url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2021-27254", datePublished: "2021-03-05T20:00:23", dateReserved: "2021-02-16T00:00:00", dateUpdated: "2024-08-03T20:48:15.867Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-45602 (GCVE-0-2021-45602)
Vulnerability from cvelistv5
Published
2021-12-26 00:38
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:47:00.867Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:L/A:L/C:H/I:N/PR:L/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-26T00:38:46", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/", }, { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-45602", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:L/A:L/C:H/I:N/PR:L/S:U/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/", refsource: "MISC", url: "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/", }, { name: "https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171", refsource: "MISC", url: "https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-45602", datePublished: "2021-12-26T00:38:46", dateReserved: "2021-12-25T00:00:00", dateUpdated: "2024-08-04T04:47:00.867Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-27256 (GCVE-0-2021-27256)
Vulnerability from cvelistv5
Published
2021-03-05 20:00
Modified
2024-08-03 20:48
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:48:16.076Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-262/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "R7800", vendor: "NETGEAR", versions: [ { status: "affected", version: "firmware version 1.0.2.76", }, ], }, ], credits: [ { lang: "en", value: "takeshi", }, ], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-05T20:00:25", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-262/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "zdi-disclosures@trendmicro.com", ID: "CVE-2021-27256", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "R7800", version: { version_data: [ { version_value: "firmware version 1.0.2.76", }, ], }, }, ], }, vendor_name: "NETGEAR", }, ], }, }, credit: "takeshi", data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355.", }, ], }, impact: { cvss: { vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", refsource: "MISC", url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-21-262/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-21-262/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2021-27256", datePublished: "2021-03-05T20:00:25", dateReserved: "2021-02-16T00:00:00", dateUpdated: "2024-08-03T20:48:16.076Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-45648 (GCVE-0-2021-45648)
Vulnerability from cvelistv5
Published
2021-12-26 00:29
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EX6100v2 before 1.0.1.106, EX6150v2 before 1.0.1.106, EX6250 before 1.0.0.146, EX6400 before 1.0.2.164, EX6400v2 before 1.0.0.146, EX6410 before 1.0.0.146, EX6420 before 1.0.0.146, EX7300 before 1.0.2.164, EX7300v2 before 1.0.0.146, EX7320 before 1.0.0.146, EX7700 before 1.0.0.222, LBR1020 before 2.6.5.16, LBR20 before 2.6.5.2, RBK352 before 4.3.4.7, RBK50 before 2.7.3.22, RBR350 before 4.3.4.7, RBR50 before 2.7.3.22, and RBS350 before 4.3.4.7.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:47:01.772Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000064494/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0453", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EX6100v2 before 1.0.1.106, EX6150v2 before 1.0.1.106, EX6250 before 1.0.0.146, EX6400 before 1.0.2.164, EX6400v2 before 1.0.0.146, EX6410 before 1.0.0.146, EX6420 before 1.0.0.146, EX7300 before 1.0.2.164, EX7300v2 before 1.0.0.146, EX7320 before 1.0.0.146, EX7700 before 1.0.0.222, LBR1020 before 2.6.5.16, LBR20 before 2.6.5.2, RBK352 before 4.3.4.7, RBK50 before 2.7.3.22, RBR350 before 4.3.4.7, RBR50 before 2.7.3.22, and RBS350 before 4.3.4.7.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:H/AV:A/A:N/C:L/I:N/PR:N/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-26T00:29:37", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000064494/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0453", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-45648", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EX6100v2 before 1.0.1.106, EX6150v2 before 1.0.1.106, EX6250 before 1.0.0.146, EX6400 before 1.0.2.164, EX6400v2 before 1.0.0.146, EX6410 before 1.0.0.146, EX6420 before 1.0.0.146, EX7300 before 1.0.2.164, EX7300v2 before 1.0.0.146, EX7320 before 1.0.0.146, EX7700 before 1.0.0.222, LBR1020 before 2.6.5.16, LBR20 before 2.6.5.2, RBK352 before 4.3.4.7, RBK50 before 2.7.3.22, RBR350 before 4.3.4.7, RBR50 before 2.7.3.22, and RBS350 before 4.3.4.7.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "ADJACENT", availabilityImpact: "NONE", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:H/AV:A/A:N/C:L/I:N/PR:N/S:U/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000064494/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0453", refsource: "MISC", url: "https://kb.netgear.com/000064494/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0453", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-45648", datePublished: "2021-12-26T00:29:37", dateReserved: "2021-12-25T00:00:00", dateUpdated: "2024-08-04T04:47:01.772Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-27251 (GCVE-0-2021-27251)
Vulnerability from cvelistv5
Published
2021-04-14 15:45
Modified
2024-08-03 20:48
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:48:15.869Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-247/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "R7800", vendor: "NETGEAR", versions: [ { status: "affected", version: "1.0.2.76", }, ], }, ], credits: [ { lang: "en", value: "Team FLASHBACK: Pedro Ribeiro (@pedrib1337 | pedrib@gmail.com) + Radek Domanski (@RabbitPro)", }, ], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-319", description: "CWE-319: Cleartext Transmission of Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-14T15:45:56", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-247/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "zdi-disclosures@trendmicro.com", ID: "CVE-2021-27251", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "R7800", version: { version_data: [ { version_value: "1.0.2.76", }, ], }, }, ], }, vendor_name: "NETGEAR", }, ], }, }, credit: "Team FLASHBACK: Pedro Ribeiro (@pedrib1337 | pedrib@gmail.com) + Radek Domanski (@RabbitPro)", data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308.", }, ], }, impact: { cvss: { vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-319: Cleartext Transmission of Sensitive Information", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", refsource: "MISC", url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-21-247/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-21-247/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2021-27251", datePublished: "2021-04-14T15:45:56", dateReserved: "2021-02-16T00:00:00", dateUpdated: "2024-08-03T20:48:15.869Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-45603 (GCVE-0-2021-45603)
Vulnerability from cvelistv5
Published
2021-12-26 00:38
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:47:00.858Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:L/A:L/C:H/I:N/PR:L/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-26T00:38:30", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/", }, { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-45603", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:L/A:L/C:H/I:N/PR:L/S:U/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/", refsource: "MISC", url: "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/", }, { name: "https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171", refsource: "MISC", url: "https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-45603", datePublished: "2021-12-26T00:38:30", dateReserved: "2021-12-25T00:00:00", dateUpdated: "2024-08-04T04:47:00.858Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-45618 (GCVE-0-2021-45618)
Vulnerability from cvelistv5
Published
2021-12-26 00:35
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RAX120 before 1.2.0.16, RBS50Y before 1.0.0.56, WNR2000v5 before 1.0.0.76, XR450 before 2.3.2.114, XR500 before 2.3.2.114, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, EX6410 before 1.0.0.134, RBR10 before 2.6.1.44, RBR20 before 2.6.2.104, RBR40 before 2.6.2.104, RBR50 before 2.7.2.102, EX6420 before 1.0.0.134, RBS10 before 2.6.1.44, RBS20 before 2.6.2.104, RBS40 before 2.6.2.104, RBS50 before 2.7.2.102, EX6400v2 before 1.0.0.134, RBK12 before 2.6.1.44, RBK20 before 2.6.2.104, RBK40 before 2.6.2.104, and RBK50 before 2.7.2.102.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:47:01.690Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000064490/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0422", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RAX120 before 1.2.0.16, RBS50Y before 1.0.0.56, WNR2000v5 before 1.0.0.76, XR450 before 2.3.2.114, XR500 before 2.3.2.114, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, EX6410 before 1.0.0.134, RBR10 before 2.6.1.44, RBR20 before 2.6.2.104, RBR40 before 2.6.2.104, RBR50 before 2.7.2.102, EX6420 before 1.0.0.134, RBS10 before 2.6.1.44, RBS20 before 2.6.2.104, RBS40 before 2.6.2.104, RBS50 before 2.7.2.102, EX6400v2 before 1.0.0.134, RBK12 before 2.6.1.44, RBK20 before 2.6.2.104, RBK40 before 2.6.2.104, and RBK50 before 2.7.2.102.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-26T00:35:27", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000064490/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0422", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-45618", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RAX120 before 1.2.0.16, RBS50Y before 1.0.0.56, WNR2000v5 before 1.0.0.76, XR450 before 2.3.2.114, XR500 before 2.3.2.114, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, EX6410 before 1.0.0.134, RBR10 before 2.6.1.44, RBR20 before 2.6.2.104, RBR40 before 2.6.2.104, RBR50 before 2.7.2.102, EX6420 before 1.0.0.134, RBS10 before 2.6.1.44, RBS20 before 2.6.2.104, RBS40 before 2.6.2.104, RBS50 before 2.7.2.102, EX6400v2 before 1.0.0.134, RBK12 before 2.6.1.44, RBK20 before 2.6.2.104, RBK40 before 2.6.2.104, and RBK50 before 2.7.2.102.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000064490/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0422", refsource: "MISC", url: "https://kb.netgear.com/000064490/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0422", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-45618", datePublished: "2021-12-26T00:35:27", dateReserved: "2021-12-25T00:00:00", dateUpdated: "2024-08-04T04:47:01.690Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-45642 (GCVE-0-2021-45642)
Vulnerability from cvelistv5
Published
2021-12-26 00:30
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.64, EX6250 before 1.0.0.134, EX7700 before 1.0.0.222, LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, R8900 before 1.0.5.26, R9000 before 1.0.5.26, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.36, EX7320 before 1.0.0.134, RAX120 before 1.2.2.24, EX7300v2 before 1.0.0.134, RAX120v2 before 1.2.2.24, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:47:01.773Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000064491/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0427", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.64, EX6250 before 1.0.0.134, EX7700 before 1.0.0.222, LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, R8900 before 1.0.5.26, R9000 before 1.0.5.26, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.36, EX7320 before 1.0.0.134, RAX120 before 1.2.2.24, EX7300v2 before 1.0.0.134, RAX120v2 before 1.2.2.24, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-26T00:30:40", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000064491/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0427", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-45642", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.64, EX6250 before 1.0.0.134, EX7700 before 1.0.0.222, LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, R8900 before 1.0.5.26, R9000 before 1.0.5.26, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.36, EX7320 before 1.0.0.134, RAX120 before 1.2.2.24, EX7300v2 before 1.0.0.134, RAX120v2 before 1.2.2.24, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "LOW", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000064491/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0427", refsource: "MISC", url: "https://kb.netgear.com/000064491/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0427", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-45642", datePublished: "2021-12-26T00:30:40", dateReserved: "2021-12-25T00:00:00", dateUpdated: "2024-08-04T04:47:01.773Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-27255 (GCVE-0-2021-27255)
Vulnerability from cvelistv5
Published
2021-03-05 20:00
Modified
2024-08-03 20:48
Severity ?
EPSS score ?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:48:16.644Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-263/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "R7800", vendor: "NETGEAR", versions: [ { status: "affected", version: "firmware version 1.0.2.76", }, ], }, ], credits: [ { lang: "en", value: "STARLabs", }, ], descriptions: [ { lang: "en", value: "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-306", description: "CWE-306: Missing Authentication for Critical Function", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-05T20:00:24", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-263/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "zdi-disclosures@trendmicro.com", ID: "CVE-2021-27255", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "R7800", version: { version_data: [ { version_value: "firmware version 1.0.2.76", }, ], }, }, ], }, vendor_name: "NETGEAR", }, ], }, }, credit: "STARLabs", data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360.", }, ], }, impact: { cvss: { vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-306: Missing Authentication for Critical Function", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", refsource: "MISC", url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-21-263/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-21-263/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2021-27255", datePublished: "2021-03-05T20:00:24", dateReserved: "2021-02-16T00:00:00", dateUpdated: "2024-08-03T20:48:16.644Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-45595 (GCVE-0-2021-45595)
Vulnerability from cvelistv5
Published
2021-12-26 00:41
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:47:01.030Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000064495/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0462", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:H/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-26T00:41:03", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000064495/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0462", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-45595", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:H/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000064495/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0462", refsource: "MISC", url: "https://kb.netgear.com/000064495/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0462", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-45595", datePublished: "2021-12-26T00:41:03", dateReserved: "2021-12-25T00:00:00", dateUpdated: "2024-08-04T04:47:01.030Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-27257 (GCVE-0-2021-27257)
Vulnerability from cvelistv5
Published
2021-03-05 20:00
Modified
2024-08-03 20:48
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-12362.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:48:15.995Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-264/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "R7800", vendor: "NETGEAR", versions: [ { status: "affected", version: "firmware version 1.0.2.76", }, ], }, ], credits: [ { lang: "en", value: "botto", }, ], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-12362.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295: Improper Certificate Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-05T20:00:26", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-264/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "zdi-disclosures@trendmicro.com", ID: "CVE-2021-27257", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "R7800", version: { version_data: [ { version_value: "firmware version 1.0.2.76", }, ], }, }, ], }, vendor_name: "NETGEAR", }, ], }, }, credit: "botto", data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-12362.", }, ], }, impact: { cvss: { vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-295: Improper Certificate Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", refsource: "MISC", url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-21-264/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-21-264/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2021-27257", datePublished: "2021-03-05T20:00:26", dateReserved: "2021-02-16T00:00:00", dateUpdated: "2024-08-03T20:48:15.995Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-27646 (GCVE-0-2022-27646)
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2025-02-18 17:47
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:32:59.786Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324", }, { tags: [ "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-523/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-27646", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-18T17:44:39.122282Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-18T17:47:05.390Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "R6700v3", vendor: "NETGEAR", versions: [ { status: "affected", version: "1.0.4.120_10.0.91", }, ], }, ], credits: [ { lang: "en", value: "Kevin Denis (@0xmitsurugi) and Antide Petit (@xarkes_) from @Synacktiv", }, ], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-29T00:00:00.000Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { url: "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324", }, { url: "https://www.zerodayinitiative.com/advisories/ZDI-22-523/", }, ], }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2022-27646", datePublished: "2023-03-29T00:00:00.000Z", dateReserved: "2022-03-22T00:00:00.000Z", dateUpdated: "2025-02-18T17:47:05.390Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-45619 (GCVE-0-2021-45619)
Vulnerability from cvelistv5
Published
2021-12-26 00:35
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR1020 before 2.6.3.58, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RBS50Y before 2.7.3.22, WNR2000v5 before 1.0.0.76, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, RAX10 before 1.0.2.88, RAX120 before 1.2.0.16, RAX70 before 1.0.2.88, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, R6700AX before 1.0.2.88, RAX120v2 before 1.2.0.16, RAX78 before 1.0.2.88, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR350 before 4.3.4.7, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS350 before 4.3.4.7, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK352 before 4.3.4.7, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:47:01.689Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000064492/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0435", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR1020 before 2.6.3.58, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RBS50Y before 2.7.3.22, WNR2000v5 before 1.0.0.76, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, RAX10 before 1.0.2.88, RAX120 before 1.2.0.16, RAX70 before 1.0.2.88, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, R6700AX before 1.0.2.88, RAX120v2 before 1.2.0.16, RAX78 before 1.0.2.88, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR350 before 4.3.4.7, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS350 before 4.3.4.7, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK352 before 4.3.4.7, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-26T00:35:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000064492/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0435", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-45619", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR1020 before 2.6.3.58, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RBS50Y before 2.7.3.22, WNR2000v5 before 1.0.0.76, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, RAX10 before 1.0.2.88, RAX120 before 1.2.0.16, RAX70 before 1.0.2.88, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, R6700AX before 1.0.2.88, RAX120v2 before 1.2.0.16, RAX78 before 1.0.2.88, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR350 before 4.3.4.7, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS350 before 4.3.4.7, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK352 before 4.3.4.7, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000064492/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0435", refsource: "MISC", url: "https://kb.netgear.com/000064492/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0435", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-45619", datePublished: "2021-12-26T00:35:12", dateReserved: "2021-12-25T00:00:00", dateUpdated: "2024-08-04T04:47:01.689Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
var-202112-2330
Vulnerability from variot
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR1020 before 2.6.3.58, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RBS50Y before 2.7.3.22, WNR2000v5 before 1.0.0.76, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, RAX10 before 1.0.2.88, RAX120 before 1.2.0.16, RAX70 before 1.0.2.88, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, R6700AX before 1.0.2.88, RAX120v2 before 1.2.0.16, RAX78 before 1.0.2.88, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR350 before 4.3.4.7, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS350 before 4.3.4.7, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK352 before 4.3.4.7, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects EX6200v2 prior to 1.0.1.86, EX6250 prior to 1.0.0.134, EX7700 prior to 1.0.0.216, EX8000 prior to 1.0.1.232, LBR1020 prior to 2.6.3.58, LBR20 prior to 2.6.3.50, R7800 prior to 1.0.2.80, R8900 prior to 1.0.5.26, R9000 prior to 1.0.5.26, RBS50Y prior to 2.7.3.22, WNR2000v5 prior to 1.0.0.76, XR700 prior to 1.0.1.36, EX6150v2 prior to 1.0.1.98, EX7300 prior to 1.0.2.158, EX7320 prior to 1.0.0.134, RAX10 prior to 1.0.2.88, RAX120 prior to 1.2.0.16, RAX70 prior to 1.0.2.88, EX6100v2 prior to 1.0.1.98, EX6400 prior to 1.0.2.158, EX7300v2 prior to 1.0.0.134, R6700AX prior to 1.0.2.88, RAX120v2 prior to 1.2.0.16, RAX78 prior to 1.0.2.88, EX6410 prior to 1.0.0.134, RBR10 prior to 2.7.3.22, RBR20 prior to 2.7.3.22, RBR350 prior to 4.3.4.7, RBR40 prior to 2.7.3.22, RBR50 prior to 2.7.3.22, EX6420 prior to 1.0.0.134, RBS10 prior to 2.7.3.22, RBS20 prior to 2.7.3.22, RBS350 prior to 4.3.4.7, RBS40 prior to 2.7.3.22, RBS50 prior to 2.7.3.22, EX6400v2 prior to 1.0.0.134, RBK12 prior to 2.7.3.22, RBK20 prior to 2.7.3.22, RBK352 prior to 4.3.4.7, RBK40 prior to 2.7.3.22, and RBK50 prior to 2.7.3.22
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-2330", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rax10", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.88", }, { model: "rbk20", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "ex6200v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.86", }, { model: "ex7700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.216", }, { model: "rbs50y", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbs10", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbk50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "lbr1020", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.3.58", }, { model: "ex6400v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "rbs40", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "ex6150v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.98", }, { model: "rbs350", scope: "lt", trust: 1, vendor: "netgear", version: "4.3.4.7", }, { model: "ex7300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "ex7300v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex7320", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6100v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.98", }, { model: "rbk352", scope: "lt", trust: 1, vendor: "netgear", version: "4.3.4.7", }, { model: "rbr10", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "xr700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.36", }, { model: "rbr350", scope: "lt", trust: 1, vendor: "netgear", version: "4.3.4.7", }, { model: "ex6410", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "rbr40", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rax120v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.16", }, { model: "rbk12", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rax78", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.88", }, { model: "rbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "ex6250", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "rbk40", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "wnr2000v5", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.76", }, { model: "lbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.3.50", }, { model: "rax120", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.16", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.26", }, { model: "ex8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.232", }, { model: "ex6420", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.80", }, { model: "rax70", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.88", }, { model: "ex6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "rbs20", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.26", }, { model: "rbs50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "r6700ax", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.88", }, { model: "r8900", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "xr700", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbs50y", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "lbr20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex7700", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "wnr2000v5", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6250", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7800", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "lbr1020", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex8000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017545", }, { db: "NVD", id: "CVE-2021-45619", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.216", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.232", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.3.58", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.80", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.26", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:wnr2000v5_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.76", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:wnr2000v5:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.36", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.88", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.2.0.16", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax70_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.88", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax70:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r6700ax_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.88", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r6700ax:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax120v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.2.0.16", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax120v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax78_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.88", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax78:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr350_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.3.4.7", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr350:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs350_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.3.4.7", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs350:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk352_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.3.4.7", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk352:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6200v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.86", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6200v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.26", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-45619", }, ], }, cve: "CVE-2021-45619", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 10, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-45619", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 6, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-45619", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-45619", trust: 1.8, value: "CRITICAL", }, { author: "cve@mitre.org", id: "CVE-2021-45619", trust: 1, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-202112-2413", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017545", }, { db: "NVD", id: "CVE-2021-45619", }, { db: "NVD", id: "CVE-2021-45619", }, { db: "CNNVD", id: "CNNVD-202112-2413", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR1020 before 2.6.3.58, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RBS50Y before 2.7.3.22, WNR2000v5 before 1.0.0.76, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, RAX10 before 1.0.2.88, RAX120 before 1.2.0.16, RAX70 before 1.0.2.88, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, R6700AX before 1.0.2.88, RAX120v2 before 1.2.0.16, RAX78 before 1.0.2.88, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR350 before 4.3.4.7, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS350 before 4.3.4.7, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK352 before 4.3.4.7, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects EX6200v2 prior to 1.0.1.86, EX6250 prior to 1.0.0.134, EX7700 prior to 1.0.0.216, EX8000 prior to 1.0.1.232, LBR1020 prior to 2.6.3.58, LBR20 prior to 2.6.3.50, R7800 prior to 1.0.2.80, R8900 prior to 1.0.5.26, R9000 prior to 1.0.5.26, RBS50Y prior to 2.7.3.22, WNR2000v5 prior to 1.0.0.76, XR700 prior to 1.0.1.36, EX6150v2 prior to 1.0.1.98, EX7300 prior to 1.0.2.158, EX7320 prior to 1.0.0.134, RAX10 prior to 1.0.2.88, RAX120 prior to 1.2.0.16, RAX70 prior to 1.0.2.88, EX6100v2 prior to 1.0.1.98, EX6400 prior to 1.0.2.158, EX7300v2 prior to 1.0.0.134, R6700AX prior to 1.0.2.88, RAX120v2 prior to 1.2.0.16, RAX78 prior to 1.0.2.88, EX6410 prior to 1.0.0.134, RBR10 prior to 2.7.3.22, RBR20 prior to 2.7.3.22, RBR350 prior to 4.3.4.7, RBR40 prior to 2.7.3.22, RBR50 prior to 2.7.3.22, EX6420 prior to 1.0.0.134, RBS10 prior to 2.7.3.22, RBS20 prior to 2.7.3.22, RBS350 prior to 4.3.4.7, RBS40 prior to 2.7.3.22, RBS50 prior to 2.7.3.22, EX6400v2 prior to 1.0.0.134, RBK12 prior to 2.7.3.22, RBK20 prior to 2.7.3.22, RBK352 prior to 4.3.4.7, RBK40 prior to 2.7.3.22, and RBK50 prior to 2.7.3.22", sources: [ { db: "NVD", id: "CVE-2021-45619", }, { db: "JVNDB", id: "JVNDB-2021-017545", }, { db: "VULMON", id: "CVE-2021-45619", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-45619", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-017545", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202112-2413", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-45619", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-45619", }, { db: "JVNDB", id: "JVNDB-2021-017545", }, { db: "NVD", id: "CVE-2021-45619", }, { db: "CNNVD", id: "CNNVD-202112-2413", }, ], }, id: "VAR-202112-2330", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.34071181, }, last_update_date: "2023-12-18T13:37:09.669000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Pre-Authentication Command Injection on Some Routers, Extenders, and WiFi Systems, PSV-2020-0435", trust: 0.8, url: "https://kb.netgear.com/000064492/security-advisory-for-pre-authentication-command-injection-on-some-routers-extenders-and-wifi-systems-psv-2020-0435", }, { title: "Netgear NETGEAR Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=176392", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017545", }, { db: "CNNVD", id: "CNNVD-202112-2413", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017545", }, { db: "NVD", id: "CVE-2021-45619", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000064492/security-advisory-for-pre-authentication-command-injection-on-some-routers-extenders-and-wifi-systems-psv-2020-0435", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-45619", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2021-45619", }, { db: "JVNDB", id: "JVNDB-2021-017545", }, { db: "NVD", id: "CVE-2021-45619", }, { db: "CNNVD", id: "CNNVD-202112-2413", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-45619", }, { db: "JVNDB", id: "JVNDB-2021-017545", }, { db: "NVD", id: "CVE-2021-45619", }, { db: "CNNVD", id: "CNNVD-202112-2413", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-26T00:00:00", db: "VULMON", id: "CVE-2021-45619", }, { date: "2023-01-25T00:00:00", db: "JVNDB", id: "JVNDB-2021-017545", }, { date: "2021-12-26T01:15:18.657000", db: "NVD", id: "CVE-2021-45619", }, { date: "2021-12-26T00:00:00", db: "CNNVD", id: "CNNVD-202112-2413", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-27T00:00:00", db: "VULMON", id: "CVE-2021-45619", }, { date: "2023-01-25T02:07:00", db: "JVNDB", id: "JVNDB-2021-017545", }, { date: "2022-01-10T16:20:15.603000", db: "NVD", id: "CVE-2021-45619", }, { date: "2022-01-11T00:00:00", db: "CNNVD", id: "CNNVD-202112-2413", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202112-2413", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Command injection vulnerability in device", sources: [ { db: "JVNDB", id: "JVNDB-2021-017545", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202112-2413", }, ], trust: 0.6, }, }
var-202203-1672
Vulnerability from variot
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797. R6400 firmware, R6700 firmware, R6900P Multiple Netgear products, including firmware, contain vulnerabilities related to certificate validation.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1672", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.126", }, { model: "rax200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "lbr1020", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.4.2", }, { model: "rbs10", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.4.24", }, { model: "r8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.84", }, { model: "rbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.4.24", }, { model: "rax80", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "rbs40", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.4.24", }, { model: "r7850", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.84", }, { model: "r8000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.4.24", }, { model: "cbr40", scope: "lt", trust: 1, vendor: "netgear", version: "2.5.0.28", }, { model: "r7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.11.134", }, { model: "lbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.4.2", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.126", }, { model: "rbs20", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.4.24", }, { model: "rax75", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "rbr10", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.4.24", }, { model: "r6900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.3.148", }, { model: "r7960p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "rbs50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.4.24", }, { model: "rbr40", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.4.24", }, { model: "rs400", scope: "lt", trust: 1, vendor: "netgear", version: "1.5.1.86", }, { model: "r7000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.3.148", }, { model: "rbr10", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "cbr40", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7960p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "lbr1020", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbr20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7850", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbr40", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "lbr20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbr50", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rs400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6900p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7000p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax75", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax80", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax200", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8000p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700v3", scope: null, trust: 0.7, vendor: "netgear", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-22-520", }, { db: "JVNDB", id: "JVNDB-2022-021795", }, { db: "NVD", id: "CVE-2022-27644", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.4.126", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.4.126", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.3.3.148", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.11.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.3.3.148", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.84", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.4.84", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1.86", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.5.0.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.4.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.4.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2022-27644", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Kevin Denis (@0xmitsurugi) and Antide Petit (@xarkes_) from @Synacktiv", sources: [ { db: "ZDI", id: "ZDI-22-520", }, { db: "CNNVD", id: "CNNVD-202203-2057", }, ], trust: 1.3, }, cve: "CVE-2022-27644", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", author: "zdi-disclosures@trendmicro.com", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 1.6, impactScore: 3.4, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-27644", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "HIGH", attackVector: "ADJACENT", author: "ZDI", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 1.6, id: "CVE-2022-27644", impactScore: 3.4, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "NONE", vectorString: "AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2022-27644", trust: 1.8, value: "HIGH", }, { author: "zdi-disclosures@trendmicro.com", id: "CVE-2022-27644", trust: 1, value: "MEDIUM", }, { author: "ZDI", id: "CVE-2022-27644", trust: 0.7, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202203-2057", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-22-520", }, { db: "JVNDB", id: "JVNDB-2022-021795", }, { db: "NVD", id: "CVE-2022-27644", }, { db: "NVD", id: "CVE-2022-27644", }, { db: "CNNVD", id: "CNNVD-202203-2057", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797. R6400 firmware, R6700 firmware, R6900P Multiple Netgear products, including firmware, contain vulnerabilities related to certificate validation.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-27644", }, { db: "JVNDB", id: "JVNDB-2022-021795", }, { db: "ZDI", id: "ZDI-22-520", }, { db: "VULMON", id: "CVE-2022-27644", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-27644", trust: 4, }, { db: "ZDI", id: "ZDI-22-520", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2022-021795", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-15797", trust: 0.7, }, { db: "CS-HELP", id: "SB2022032410", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202203-2057", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-27644", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-22-520", }, { db: "VULMON", id: "CVE-2022-27644", }, { db: "JVNDB", id: "JVNDB-2022-021795", }, { db: "NVD", id: "CVE-2022-27644", }, { db: "CNNVD", id: "CNNVD-202203-2057", }, ], }, id: "VAR-202203-1672", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.2929920506666666, }, last_update_date: "2023-12-18T11:56:24.164000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "NETGEAR has issued an update to correct this vulnerability.", trust: 0.7, url: "https://kb.netgear.com/000064721/security-advisory-for-multiple-vulnerabilities-on-multiple-products-psv-2021-0324", }, { title: "NETGEAR R6700v3 Repair measures for trust management problem vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=232029", }, ], sources: [ { db: "ZDI", id: "ZDI-22-520", }, { db: "CNNVD", id: "CNNVD-202203-2057", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-295", trust: 1, }, { problemtype: "Illegal certificate verification (CWE-295) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-021795", }, { db: "NVD", id: "CVE-2022-27644", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3.2, url: "https://kb.netgear.com/000064721/security-advisory-for-multiple-vulnerabilities-on-multiple-products-psv-2021-0324", }, { trust: 3.2, url: "https://www.zerodayinitiative.com/advisories/zdi-22-520/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-27644", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-27644/", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022032410", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/295.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-22-520", }, { db: "VULMON", id: "CVE-2022-27644", }, { db: "JVNDB", id: "JVNDB-2022-021795", }, { db: "NVD", id: "CVE-2022-27644", }, { db: "CNNVD", id: "CNNVD-202203-2057", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-22-520", }, { db: "VULMON", id: "CVE-2022-27644", }, { db: "JVNDB", id: "JVNDB-2022-021795", }, { db: "NVD", id: "CVE-2022-27644", }, { db: "CNNVD", id: "CNNVD-202203-2057", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-03-23T00:00:00", db: "ZDI", id: "ZDI-22-520", }, { date: "2023-03-29T00:00:00", db: "VULMON", id: "CVE-2022-27644", }, { date: "2023-11-14T00:00:00", db: "JVNDB", id: "JVNDB-2022-021795", }, { date: "2023-03-29T19:15:08.563000", db: "NVD", id: "CVE-2022-27644", }, { date: "2022-03-23T00:00:00", db: "CNNVD", id: "CNNVD-202203-2057", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-03-23T00:00:00", db: "ZDI", id: "ZDI-22-520", }, { date: "2023-03-30T00:00:00", db: "VULMON", id: "CVE-2022-27644", }, { date: "2023-11-14T04:15:00", db: "JVNDB", id: "JVNDB-2022-021795", }, { date: "2023-04-05T15:22:23.963000", db: "NVD", id: "CVE-2022-27644", }, { date: "2023-04-06T00:00:00", db: "CNNVD", id: "CNNVD-202203-2057", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202203-2057", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certificate validation vulnerability in multiple Netgear products", sources: [ { db: "JVNDB", id: "JVNDB-2022-021795", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "trust management problem", sources: [ { db: "CNNVD", id: "CNNVD-202203-2057", }, ], trust: 0.6, }, }
var-202203-1670
Vulnerability from variot
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879. R6400 firmware, R6700 firmware, R6900P A stack-based buffer overflow vulnerability exists in multiple Netgear products, including firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1670", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.126", }, { model: "rax200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "lbr1020", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.4.2", }, { model: "rbs10", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.4.24", }, { model: "r8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.84", }, { model: "rbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.4.24", }, { model: "rax80", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "rbs40", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.4.24", }, { model: "r7850", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.84", }, { model: "r8000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.4.24", }, { model: "cbr40", scope: "lt", trust: 1, vendor: "netgear", version: "2.5.0.28", }, { model: "r7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.11.134", }, { model: "lbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.4.2", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.126", }, { model: "rbs20", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.4.24", }, { model: "rax75", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "rbr10", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.4.24", }, { model: "r6900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.3.148", }, { model: "r7960p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "rbs50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.4.24", }, { model: "rbr40", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.4.24", }, { model: "rs400", scope: "lt", trust: 1, vendor: "netgear", version: "1.5.1.86", }, { model: "r7000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.3.148", }, { model: "rbr20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rs400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "lbr1020", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax200", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "lbr20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8000p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "cbr40", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6900p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax75", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbr40", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbr50", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7960p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax80", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbr10", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7850", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7000p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700v3", scope: null, trust: 0.7, vendor: "netgear", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-22-523", }, { db: "JVNDB", id: "JVNDB-2022-022072", }, { db: "NVD", id: "CVE-2022-27646", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.4.126", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.4.126", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.3.3.148", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.11.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.3.3.148", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.84", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.4.84", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1.86", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.5.0.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.4.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.4.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2022-27646", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Kevin Denis (@0xmitsurugi) and Antide Petit (@xarkes_) from @Synacktiv", sources: [ { db: "ZDI", id: "ZDI-22-523", }, { db: "CNNVD", id: "CNNVD-202203-2060", }, ], trust: 1.3, }, cve: "CVE-2022-27646", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "zdi-disclosures@trendmicro.com", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.1, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-27646", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "ZDI", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.1, id: "CVE-2022-27646", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 0.7, userInteraction: "NONE", vectorString: "AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2022-27646", trust: 1.8, value: "HIGH", }, { author: "zdi-disclosures@trendmicro.com", id: "CVE-2022-27646", trust: 1, value: "HIGH", }, { author: "ZDI", id: "CVE-2022-27646", trust: 0.7, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202203-2060", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-22-523", }, { db: "JVNDB", id: "JVNDB-2022-022072", }, { db: "NVD", id: "CVE-2022-27646", }, { db: "NVD", id: "CVE-2022-27646", }, { db: "CNNVD", id: "CNNVD-202203-2060", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879. R6400 firmware, R6700 firmware, R6900P A stack-based buffer overflow vulnerability exists in multiple Netgear products, including firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-27646", }, { db: "JVNDB", id: "JVNDB-2022-022072", }, { db: "ZDI", id: "ZDI-22-523", }, { db: "VULMON", id: "CVE-2022-27646", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-27646", trust: 4, }, { db: "ZDI", id: "ZDI-22-523", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2022-022072", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-15879", trust: 0.7, }, { db: "CS-HELP", id: "SB2022032410", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202203-2060", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-27646", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-22-523", }, { db: "VULMON", id: "CVE-2022-27646", }, { db: "JVNDB", id: "JVNDB-2022-022072", }, { db: "NVD", id: "CVE-2022-27646", }, { db: "CNNVD", id: "CNNVD-202203-2060", }, ], }, id: "VAR-202203-1670", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.2929920506666666, }, last_update_date: "2023-12-18T11:56:24.104000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "NETGEAR has issued an update to correct this vulnerability.", trust: 0.7, url: "https://kb.netgear.com/000064721/security-advisory-for-multiple-vulnerabilities-on-multiple-products-psv-2021-0324", }, { title: "NETGEAR R6700v3 Remediation measures for authorization problem vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=231215", }, ], sources: [ { db: "ZDI", id: "ZDI-22-523", }, { db: "CNNVD", id: "CNNVD-202203-2060", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-121", trust: 1, }, { problemtype: "Stack-based buffer overflow (CWE-121) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-022072", }, { db: "NVD", id: "CVE-2022-27646", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3.2, url: "https://kb.netgear.com/000064721/security-advisory-for-multiple-vulnerabilities-on-multiple-products-psv-2021-0324", }, { trust: 3.2, url: "https://www.zerodayinitiative.com/advisories/zdi-22-523/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-27646", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-27646/", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022032410", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/121.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-22-523", }, { db: "VULMON", id: "CVE-2022-27646", }, { db: "JVNDB", id: "JVNDB-2022-022072", }, { db: "NVD", id: "CVE-2022-27646", }, { db: "CNNVD", id: "CNNVD-202203-2060", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-22-523", }, { db: "VULMON", id: "CVE-2022-27646", }, { db: "JVNDB", id: "JVNDB-2022-022072", }, { db: "NVD", id: "CVE-2022-27646", }, { db: "CNNVD", id: "CNNVD-202203-2060", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-03-23T00:00:00", db: "ZDI", id: "ZDI-22-523", }, { date: "2023-03-29T00:00:00", db: "VULMON", id: "CVE-2022-27646", }, { date: "2023-11-15T00:00:00", db: "JVNDB", id: "JVNDB-2022-022072", }, { date: "2023-03-29T19:15:08.707000", db: "NVD", id: "CVE-2022-27646", }, { date: "2022-03-23T00:00:00", db: "CNNVD", id: "CNNVD-202203-2060", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-03-23T00:00:00", db: "ZDI", id: "ZDI-22-523", }, { date: "2023-03-30T00:00:00", db: "VULMON", id: "CVE-2022-27646", }, { date: "2023-11-15T03:22:00", db: "JVNDB", id: "JVNDB-2022-022072", }, { date: "2023-04-06T17:43:22.507000", db: "NVD", id: "CVE-2022-27646", }, { date: "2023-04-07T00:00:00", db: "CNNVD", id: "CNNVD-202203-2060", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202203-2060", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Stack-based buffer overflow vulnerability in multiple Netgear products", sources: [ { db: "JVNDB", id: "JVNDB-2022-022072", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "authorization issue", sources: [ { db: "CNNVD", id: "CNNVD-202203-2060", }, ], trust: 0.6, }, }
var-202104-1038
Vulnerability from variot
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216. NETGEAR R7800 For firmware, OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-12216 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202104-1038", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rbr40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "ex7700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.216", }, { model: "br200", scope: "lt", trust: 1, vendor: "netgear", version: "5.10.0.5", }, { model: "ex6400v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "xr450", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.114", }, { model: "rbk15", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk53", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.60", }, { model: "br500", scope: "lt", trust: 1, vendor: "netgear", version: "5.10.0.5", }, { model: "rbk12", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex7300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "ex7300v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "rbk13", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex7320", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6100v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.98", }, { model: "xr500", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.114", }, { model: "rbs20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk23", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex6410", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.98", }, { model: "ex6250", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "rbk20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbs50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbs10", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbs50y", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "lbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.3.50", }, { model: "xr700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.38", }, { model: "rbs40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk14", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.232", }, { model: "ex6420", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.80", }, { model: "rbk50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.28", }, { model: "rbk43", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbr10", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbk43s", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk44", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.28", }, { model: "br500", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7800", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6410", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6150", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "d7800", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6100v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6250", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "br200", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6400v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7800", scope: null, trust: 0.7, vendor: "netgear", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-21-248", }, { db: "JVNDB", id: "JVNDB-2021-006382", }, { db: "NVD", id: "CVE-2021-27252", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.60", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400:v2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300:v2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.216", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.232", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.80", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-27252", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "atdog (@atdog_tw)", sources: [ { db: "ZDI", id: "ZDI-21-248", }, ], trust: 0.7, }, cve: "CVE-2021-27252", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 8.3, confidentialityImpact: "COMPLETE", exploitabilityScore: 6.5, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 8.3, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-27252", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "zdi-disclosures@trendmicro.com", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-27252", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "ZDI", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2021-27252", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "NONE", vectorString: "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-27252", trust: 1.8, value: "HIGH", }, { author: "zdi-disclosures@trendmicro.com", id: "CVE-2021-27252", trust: 1, value: "HIGH", }, { author: "ZDI", id: "CVE-2021-27252", trust: 0.7, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202104-1073", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-21-248", }, { db: "JVNDB", id: "JVNDB-2021-006382", }, { db: "NVD", id: "CVE-2021-27252", }, { db: "NVD", id: "CVE-2021-27252", }, { db: "CNNVD", id: "CNNVD-202104-1073", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216. NETGEAR R7800 For firmware, OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-12216 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2021-27252", }, { db: "JVNDB", id: "JVNDB-2021-006382", }, { db: "ZDI", id: "ZDI-21-248", }, { db: "VULMON", id: "CVE-2021-27252", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-27252", trust: 4, }, { db: "ZDI", id: "ZDI-21-248", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2021-006382", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-12216", trust: 0.7, }, { db: "CNNVD", id: "CNNVD-202104-1073", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-27252", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-21-248", }, { db: "VULMON", id: "CVE-2021-27252", }, { db: "JVNDB", id: "JVNDB-2021-006382", }, { db: "NVD", id: "CVE-2021-27252", }, { db: "CNNVD", id: "CNNVD-202104-1073", }, ], }, id: "VAR-202104-1038", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.27871401555555564, }, last_update_date: "2023-12-18T13:12:33.847000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Multiple Vulnerabilities on Some Routers, Satellites, and Extenders", trust: 1.5, url: "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders", }, { title: "Netgear NETGEAR R7800 Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=147594", }, ], sources: [ { db: "ZDI", id: "ZDI-21-248", }, { db: "JVNDB", id: "JVNDB-2021-006382", }, { db: "CNNVD", id: "CNNVD-202104-1073", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "OS Command injection (CWE-78) [ Other ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-006382", }, { db: "NVD", id: "CVE-2021-27252", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.6, url: "https://www.zerodayinitiative.com/advisories/zdi-21-248/", }, { trust: 2.4, url: "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-27252", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/78.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-21-248", }, { db: "VULMON", id: "CVE-2021-27252", }, { db: "JVNDB", id: "JVNDB-2021-006382", }, { db: "NVD", id: "CVE-2021-27252", }, { db: "CNNVD", id: "CNNVD-202104-1073", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-21-248", }, { db: "VULMON", id: "CVE-2021-27252", }, { db: "JVNDB", id: "JVNDB-2021-006382", }, { db: "NVD", id: "CVE-2021-27252", }, { db: "CNNVD", id: "CNNVD-202104-1073", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-24T00:00:00", db: "ZDI", id: "ZDI-21-248", }, { date: "2021-04-14T00:00:00", db: "VULMON", id: "CVE-2021-27252", }, { date: "2022-01-06T00:00:00", db: "JVNDB", id: "JVNDB-2021-006382", }, { date: "2021-04-14T16:15:13.737000", db: "NVD", id: "CVE-2021-27252", }, { date: "2021-04-14T00:00:00", db: "CNNVD", id: "CNNVD-202104-1073", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-24T00:00:00", db: "ZDI", id: "ZDI-21-248", }, { date: "2021-04-27T00:00:00", db: "VULMON", id: "CVE-2021-27252", }, { date: "2022-01-06T05:00:00", db: "JVNDB", id: "JVNDB-2021-006382", }, { date: "2021-04-27T14:49:52.450000", db: "NVD", id: "CVE-2021-27252", }, { date: "2021-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202104-1073", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202104-1073", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "NETGEAR R7800 In firmware OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2021-006382", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202104-1073", }, ], trust: 0.6, }, }
var-202104-1039
Vulnerability from variot
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202104-1039", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rbr40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "ex7700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.216", }, { model: "br200", scope: "lt", trust: 1, vendor: "netgear", version: "5.10.0.5", }, { model: "ex6400v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "xr450", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.114", }, { model: "rbk15", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk53", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.60", }, { model: "br500", scope: "lt", trust: 1, vendor: "netgear", version: "5.10.0.5", }, { model: "rbk12", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex7300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "ex7300v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "rbk13", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex7320", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6100v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.98", }, { model: "xr500", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.114", }, { model: "rbs20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk23", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex6410", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.98", }, { model: "ex6250", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "rbk20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbs50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbs10", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbs50y", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "lbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.3.50", }, { model: "xr700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.38", }, { model: "rbs40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk14", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.232", }, { model: "ex6420", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.80", }, { model: "rbk50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.28", }, { model: "rbk43", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbr10", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbk43s", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk44", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.28", }, { model: "r7800", scope: null, trust: 0.7, vendor: "netgear", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-21-249", }, { db: "NVD", id: "CVE-2021-27253", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.60", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400:v2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300:v2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.216", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.232", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.80", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-27253", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Ho\\xc3\\xa0ng Th\\xe1\\xba\\xa1ch Nguy\\xe1\\xbb\\x85n, Lucas Tay", sources: [ { db: "ZDI", id: "ZDI-21-249", }, ], trust: 0.7, }, cve: "CVE-2021-27253", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 8.3, confidentialityImpact: "COMPLETE", exploitabilityScore: 6.5, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "COMPLETE", baseScore: 8.3, confidentialityImpact: "COMPLETE", exploitabilityScore: 6.5, id: "CVE-2021-27253", impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "HIGH", trust: 0.1, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "zdi-disclosures@trendmicro.com", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "ZDI", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2021-27253", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "NONE", vectorString: "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-27253", trust: 1, value: "HIGH", }, { author: "zdi-disclosures@trendmicro.com", id: "CVE-2021-27253", trust: 1, value: "HIGH", }, { author: "ZDI", id: "CVE-2021-27253", trust: 0.7, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202104-1071", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2021-27253", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-21-249", }, { db: "VULMON", id: "CVE-2021-27253", }, { db: "NVD", id: "CVE-2021-27253", }, { db: "NVD", id: "CVE-2021-27253", }, { db: "CNNVD", id: "CNNVD-202104-1071", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303", sources: [ { db: "NVD", id: "CVE-2021-27253", }, { db: "ZDI", id: "ZDI-21-249", }, { db: "VULMON", id: "CVE-2021-27253", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-27253", trust: 2.4, }, { db: "ZDI", id: "ZDI-21-249", trust: 2.4, }, { db: "ZDI_CAN", id: "ZDI-CAN-12303", trust: 0.7, }, { db: "CNNVD", id: "CNNVD-202104-1071", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-27253", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-21-249", }, { db: "VULMON", id: "CVE-2021-27253", }, { db: "NVD", id: "CVE-2021-27253", }, { db: "CNNVD", id: "CNNVD-202104-1071", }, ], }, id: "VAR-202104-1039", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.27871401555555564, }, last_update_date: "2023-12-18T12:35:06.645000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "NETGEAR has issued an update to correct this vulnerability.", trust: 0.7, url: "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders", }, { title: "Netgear NETGEAR Buffer error vulnerability fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=148415", }, ], sources: [ { db: "ZDI", id: "ZDI-21-249", }, { db: "CNNVD", id: "CNNVD-202104-1071", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2021-27253", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders", }, { trust: 1.8, url: "https://www.zerodayinitiative.com/advisories/zdi-21-249/", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2021-27253", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-21-249", }, { db: "VULMON", id: "CVE-2021-27253", }, { db: "NVD", id: "CVE-2021-27253", }, { db: "CNNVD", id: "CNNVD-202104-1071", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-21-249", }, { db: "VULMON", id: "CVE-2021-27253", }, { db: "NVD", id: "CVE-2021-27253", }, { db: "CNNVD", id: "CNNVD-202104-1071", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-24T00:00:00", db: "ZDI", id: "ZDI-21-249", }, { date: "2021-04-14T00:00:00", db: "VULMON", id: "CVE-2021-27253", }, { date: "2021-04-14T16:15:13.797000", db: "NVD", id: "CVE-2021-27253", }, { date: "2021-04-14T00:00:00", db: "CNNVD", id: "CNNVD-202104-1071", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-24T00:00:00", db: "ZDI", id: "ZDI-21-249", }, { date: "2021-04-23T00:00:00", db: "VULMON", id: "CVE-2021-27253", }, { date: "2021-04-23T16:29:33.937000", db: "NVD", id: "CVE-2021-27253", }, { date: "2021-04-25T00:00:00", db: "CNNVD", id: "CNNVD-202104-1071", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202104-1071", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "(Pwn2Own) NETGEAR Nighthawk R7800 Heap-based Buffer Overflow Remote Code Execution Vulnerability", sources: [ { db: "ZDI", id: "ZDI-21-249", }, ], trust: 0.7, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202104-1071", }, ], trust: 0.6, }, }
var-202103-0948
Vulnerability from variot
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-12362. NETGEAR R7800 There is a certificate validation vulnerability in the firmware. Zero Day Initiative To this vulnerability ZDI-CAN-12362 Was numbered.Information may be tampered with. Netgear NETGEAR R7800 is a wireless router from Netgear
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0948", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: null, trust: 1.3, vendor: "netgear", version: null, }, { model: "rbr40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "ex7700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.216", }, { model: "br200", scope: "lt", trust: 1, vendor: "netgear", version: "5.10.0.5", }, { model: "ex6400v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "xr450", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.114", }, { model: "rbk15", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk53", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbk13", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.60", }, { model: "br500", scope: "lt", trust: 1, vendor: "netgear", version: "5.10.0.5", }, { model: "ex7300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "ex7300v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6150v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.98", }, { model: "rbk12", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex7320", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6100v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.98", }, { model: "xr500", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.114", }, { model: "rbs20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk23", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex6410", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6250", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "rbk20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbs50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbs10", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbs50y", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "lbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.3.50", }, { model: "xr700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.38", }, { model: "rbs40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk14", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.232", }, { model: "ex6420", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.80", }, { model: "rbk50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.28", }, { model: "rbk43", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbr10", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbk43s", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk44", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.28", }, { model: "ex6150v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "br500", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6250", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6410", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6400v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6420", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "br200", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6100v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "d7800", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-21-264", }, { db: "CNVD", id: "CNVD-2021-14775", }, { db: "JVNDB", id: "JVNDB-2021-004503", }, { db: "NVD", id: "CVE-2021-27257", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.60", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.216", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.232", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.80", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-27257", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Team FLASHBACK: Pedro Ribeiro (@pedrib1337 | pedrib@gmail.com) + Radek Domanski (@RabbitPro)", sources: [ { db: "ZDI", id: "ZDI-21-264", }, ], trust: 0.7, }, cve: "CVE-2021-27257", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "NONE", exploitabilityScore: 6.5, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", trust: 1, userInteractionRequired: false, vectorString: "AV:A/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 3.3, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2021-27257", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.9, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 6.1, confidentialityImpact: "NONE", exploitabilityScore: 6.5, id: "CNVD-2021-14775", impactScore: 6.9, integrityImpact: "COMPLETE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:N/C:N/I:C/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, impactScore: 3.6, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "zdi-disclosures@trendmicro.com", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, impactScore: 3.6, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "None", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2021-27257", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "ZDI", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, id: "CVE-2021-27257", impactScore: 3.6, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "NONE", vectorString: "AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-27257", trust: 1.8, value: "MEDIUM", }, { author: "zdi-disclosures@trendmicro.com", id: "CVE-2021-27257", trust: 1, value: "MEDIUM", }, { author: "ZDI", id: "CVE-2021-27257", trust: 0.7, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2021-14775", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202102-1752", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2021-27257", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-21-264", }, { db: "CNVD", id: "CNVD-2021-14775", }, { db: "VULMON", id: "CVE-2021-27257", }, { db: "JVNDB", id: "JVNDB-2021-004503", }, { db: "NVD", id: "CVE-2021-27257", }, { db: "NVD", id: "CVE-2021-27257", }, { db: "CNNVD", id: "CNNVD-202102-1752", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-12362. NETGEAR R7800 There is a certificate validation vulnerability in the firmware. Zero Day Initiative To this vulnerability ZDI-CAN-12362 Was numbered.Information may be tampered with. Netgear NETGEAR R7800 is a wireless router from Netgear", sources: [ { db: "NVD", id: "CVE-2021-27257", }, { db: "JVNDB", id: "JVNDB-2021-004503", }, { db: "ZDI", id: "ZDI-21-264", }, { db: "CNVD", id: "CNVD-2021-14775", }, { db: "VULMON", id: "CVE-2021-27257", }, ], trust: 2.88, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-27257", trust: 3.8, }, { db: "ZDI", id: "ZDI-21-264", trust: 3.8, }, { db: "JVNDB", id: "JVNDB-2021-004503", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-12362", trust: 0.7, }, { db: "CNVD", id: "CNVD-2021-14775", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202102-1752", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-27257", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-21-264", }, { db: "CNVD", id: "CNVD-2021-14775", }, { db: "VULMON", id: "CVE-2021-27257", }, { db: "JVNDB", id: "JVNDB-2021-004503", }, { db: "NVD", id: "CVE-2021-27257", }, { db: "CNNVD", id: "CNNVD-202102-1752", }, ], }, id: "VAR-202103-0948", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-14775", }, ], trust: 0.8879507757894738, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-14775", }, ], }, last_update_date: "2023-12-18T12:35:08.135000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Multiple Vulnerabilities on Some Routers, Satellites, and Extenders", trust: 1.5, url: "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders", }, { title: "Patch for NETGEAR remote code execution vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/251011", }, { title: "NETGEAR Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=142983", }, ], sources: [ { db: "ZDI", id: "ZDI-21-264", }, { db: "CNVD", id: "CNVD-2021-14775", }, { db: "JVNDB", id: "JVNDB-2021-004503", }, { db: "CNNVD", id: "CNNVD-202102-1752", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-295", trust: 1, }, { problemtype: "Bad certificate verification (CWE-295) [ Other ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-004503", }, { db: "NVD", id: "CVE-2021-27257", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3.8, url: "https://www.zerodayinitiative.com/advisories/zdi-21-264/", }, { trust: 2.4, url: "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-27257", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/295.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-21-264", }, { db: "CNVD", id: "CNVD-2021-14775", }, { db: "VULMON", id: "CVE-2021-27257", }, { db: "JVNDB", id: "JVNDB-2021-004503", }, { db: "NVD", id: "CVE-2021-27257", }, { db: "CNNVD", id: "CNNVD-202102-1752", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-21-264", }, { db: "CNVD", id: "CNVD-2021-14775", }, { db: "VULMON", id: "CVE-2021-27257", }, { db: "JVNDB", id: "JVNDB-2021-004503", }, { db: "NVD", id: "CVE-2021-27257", }, { db: "CNNVD", id: "CNNVD-202102-1752", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-26T00:00:00", db: "ZDI", id: "ZDI-21-264", }, { date: "2021-03-06T00:00:00", db: "CNVD", id: "CNVD-2021-14775", }, { date: "2021-03-05T00:00:00", db: "VULMON", id: "CVE-2021-27257", }, { date: "2021-11-24T00:00:00", db: "JVNDB", id: "JVNDB-2021-004503", }, { date: "2021-03-05T20:15:12.660000", db: "NVD", id: "CVE-2021-27257", }, { date: "2021-02-26T00:00:00", db: "CNNVD", id: "CNNVD-202102-1752", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-06-29T00:00:00", db: "ZDI", id: "ZDI-21-264", }, { date: "2021-03-07T00:00:00", db: "CNVD", id: "CNVD-2021-14775", }, { date: "2021-03-17T00:00:00", db: "VULMON", id: "CVE-2021-27257", }, { date: "2021-11-24T03:20:00", db: "JVNDB", id: "JVNDB-2021-004503", }, { date: "2021-03-17T14:04:45.537000", db: "NVD", id: "CVE-2021-27257", }, { date: "2021-03-19T00:00:00", db: "CNNVD", id: "CNNVD-202102-1752", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202102-1752", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "NETGEAR R7800 Firmware validation vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2021-004503", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "trust management problem", sources: [ { db: "CNNVD", id: "CNNVD-202102-1752", }, ], trust: 0.6, }, }
var-202112-2331
Vulnerability from variot
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RAX120 before 1.2.0.16, RBS50Y before 1.0.0.56, WNR2000v5 before 1.0.0.76, XR450 before 2.3.2.114, XR500 before 2.3.2.114, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, EX6410 before 1.0.0.134, RBR10 before 2.6.1.44, RBR20 before 2.6.2.104, RBR40 before 2.6.2.104, RBR50 before 2.7.2.102, EX6420 before 1.0.0.134, RBS10 before 2.6.1.44, RBS20 before 2.6.2.104, RBS40 before 2.6.2.104, RBS50 before 2.7.2.102, EX6400v2 before 1.0.0.134, RBK12 before 2.6.1.44, RBK20 before 2.6.2.104, RBK40 before 2.6.2.104, and RBK50 before 2.7.2.102. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D7800 prior to 1.0.1.64, EX6200v2 prior to 1.0.1.86, EX6250 prior to 1.0.0.134, EX7700 prior to 1.0.0.216, EX8000 prior to 1.0.1.232, LBR20 prior to 2.6.3.50, R7800 prior to 1.0.2.80, R8900 prior to 1.0.5.26, R9000 prior to 1.0.5.26, RAX120 prior to 1.2.0.16, RBS50Y prior to 1.0.0.56, WNR2000v5 prior to 1.0.0.76, XR450 prior to 2.3.2.114, XR500 prior to 2.3.2.114, XR700 prior to 1.0.1.36, EX6150v2 prior to 1.0.1.98, EX7300 prior to 1.0.2.158, EX7320 prior to 1.0.0.134, EX6100v2 prior to 1.0.1.98, EX6400 prior to 1.0.2.158, EX7300v2 prior to 1.0.0.134, EX6410 prior to 1.0.0.134, RBR10 prior to 2.6.1.44, RBR20 prior to 2.6.2.104, RBR40 prior to 2.6.2.104, RBR50 prior to 2.7.2.102, EX6420 prior to 1.0.0.134, RBS10 prior to 2.6.1.44, RBS20 prior to 2.6.2.104, RBS40 prior to 2.6.2.104, RBS50 prior to 2.7.2.102, EX6400v2 prior to 1.0.0.134, RBK12 prior to 2.6.1.44, RBK20 prior to 2.6.2.104, RBK40 prior to 2.6.2.104, and RBK50 prior to 2.7.2.102
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-2331", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rbs10", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.44", }, { model: "rbr40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "ex6200v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.86", }, { model: "ex7700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.216", }, { model: "ex6250", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6400v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "xr450", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.114", }, { model: "wnr2000v5", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.76", }, { model: "rbs50y", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.56", }, { model: "rbk20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "lbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.3.50", }, { model: "rbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rax120", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.16", }, { model: "rbs40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "ex6150v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.98", }, { model: "ex8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.232", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.26", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.80", }, { model: "ex7300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "ex7300v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6420", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "rbs50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.102", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.64", }, { model: "ex7320", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6100v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.98", }, { model: "rbr10", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.44", }, { model: "xr500", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.114", }, { model: "ex6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "rbk50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.102", }, { model: "rbs20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.26", }, { model: "xr700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.36", }, { model: "ex6410", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.102", }, { model: "rbk12", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.44", }, { model: "r8900", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "d7800", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax120", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6200v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "lbr20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex7700", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r9000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6250", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7800", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex8000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017553", }, { db: "NVD", id: "CVE-2021-45618", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.64", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6200v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.86", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6200v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.216", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.232", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.80", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.26", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.26", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.2.0.16", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:wnr2000v5_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.76", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:wnr2000v5:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.36", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.102", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.102", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.102", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-45618", }, ], }, cve: "CVE-2021-45618", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 10, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-45618", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 6, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-45618", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-45618", trust: 1.8, value: "CRITICAL", }, { author: "cve@mitre.org", id: "CVE-2021-45618", trust: 1, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-202112-2412", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017553", }, { db: "NVD", id: "CVE-2021-45618", }, { db: "NVD", id: "CVE-2021-45618", }, { db: "CNNVD", id: "CNNVD-202112-2412", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RAX120 before 1.2.0.16, RBS50Y before 1.0.0.56, WNR2000v5 before 1.0.0.76, XR450 before 2.3.2.114, XR500 before 2.3.2.114, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, EX6410 before 1.0.0.134, RBR10 before 2.6.1.44, RBR20 before 2.6.2.104, RBR40 before 2.6.2.104, RBR50 before 2.7.2.102, EX6420 before 1.0.0.134, RBS10 before 2.6.1.44, RBS20 before 2.6.2.104, RBS40 before 2.6.2.104, RBS50 before 2.7.2.102, EX6400v2 before 1.0.0.134, RBK12 before 2.6.1.44, RBK20 before 2.6.2.104, RBK40 before 2.6.2.104, and RBK50 before 2.7.2.102. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D7800 prior to 1.0.1.64, EX6200v2 prior to 1.0.1.86, EX6250 prior to 1.0.0.134, EX7700 prior to 1.0.0.216, EX8000 prior to 1.0.1.232, LBR20 prior to 2.6.3.50, R7800 prior to 1.0.2.80, R8900 prior to 1.0.5.26, R9000 prior to 1.0.5.26, RAX120 prior to 1.2.0.16, RBS50Y prior to 1.0.0.56, WNR2000v5 prior to 1.0.0.76, XR450 prior to 2.3.2.114, XR500 prior to 2.3.2.114, XR700 prior to 1.0.1.36, EX6150v2 prior to 1.0.1.98, EX7300 prior to 1.0.2.158, EX7320 prior to 1.0.0.134, EX6100v2 prior to 1.0.1.98, EX6400 prior to 1.0.2.158, EX7300v2 prior to 1.0.0.134, EX6410 prior to 1.0.0.134, RBR10 prior to 2.6.1.44, RBR20 prior to 2.6.2.104, RBR40 prior to 2.6.2.104, RBR50 prior to 2.7.2.102, EX6420 prior to 1.0.0.134, RBS10 prior to 2.6.1.44, RBS20 prior to 2.6.2.104, RBS40 prior to 2.6.2.104, RBS50 prior to 2.7.2.102, EX6400v2 prior to 1.0.0.134, RBK12 prior to 2.6.1.44, RBK20 prior to 2.6.2.104, RBK40 prior to 2.6.2.104, and RBK50 prior to 2.7.2.102", sources: [ { db: "NVD", id: "CVE-2021-45618", }, { db: "JVNDB", id: "JVNDB-2021-017553", }, { db: "VULMON", id: "CVE-2021-45618", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-45618", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-017553", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202112-2412", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-45618", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-45618", }, { db: "JVNDB", id: "JVNDB-2021-017553", }, { db: "NVD", id: "CVE-2021-45618", }, { db: "CNNVD", id: "CNNVD-202112-2412", }, ], }, id: "VAR-202112-2331", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.33807777318181825, }, last_update_date: "2023-12-18T12:26:30.337000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Pre-Authentication Command Injection on Some Routers, Extenders, and WiFi Systems, PSV-2020-0422", trust: 0.8, url: "https://kb.netgear.com/000064490/security-advisory-for-pre-authentication-command-injection-on-some-routers-extenders-and-wifi-systems-psv-2020-0422", }, { title: "Netgear NETGEAR Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=176391", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017553", }, { db: "CNNVD", id: "CNNVD-202112-2412", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017553", }, { db: "NVD", id: "CVE-2021-45618", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000064490/security-advisory-for-pre-authentication-command-injection-on-some-routers-extenders-and-wifi-systems-psv-2020-0422", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-45618", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2021-45618", }, { db: "JVNDB", id: "JVNDB-2021-017553", }, { db: "NVD", id: "CVE-2021-45618", }, { db: "CNNVD", id: "CNNVD-202112-2412", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-45618", }, { db: "JVNDB", id: "JVNDB-2021-017553", }, { db: "NVD", id: "CVE-2021-45618", }, { db: "CNNVD", id: "CNNVD-202112-2412", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-26T00:00:00", db: "VULMON", id: "CVE-2021-45618", }, { date: "2023-01-25T00:00:00", db: "JVNDB", id: "JVNDB-2021-017553", }, { date: "2021-12-26T01:15:18.613000", db: "NVD", id: "CVE-2021-45618", }, { date: "2021-12-26T00:00:00", db: "CNNVD", id: "CNNVD-202112-2412", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-27T00:00:00", db: "VULMON", id: "CVE-2021-45618", }, { date: "2023-01-25T05:10:00", db: "JVNDB", id: "JVNDB-2021-017553", }, { date: "2022-01-10T18:21:20.723000", db: "NVD", id: "CVE-2021-45618", }, { date: "2022-01-11T00:00:00", db: "CNNVD", id: "CNNVD-202112-2412", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202112-2412", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Command injection vulnerability in device", sources: [ { db: "JVNDB", id: "JVNDB-2021-017553", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202112-2412", }, ], trust: 0.6, }, }
var-202112-2346
Vulnerability from variot
Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46. This affects D7800 prior to 1.0.1.66, EX2700 prior to 1.0.1.68, WN3000RPv2 prior to 1.0.0.90, WN3000RPv3 prior to 1.0.2.100, LBR1020 prior to 2.6.5.20, LBR20 prior to 2.6.5.32, R6700AX prior to 1.0.10.110, R7800 prior to 1.0.2.86, R8900 prior to 1.0.5.38, R9000 prior to 1.0.5.38, RAX10 prior to 1.0.10.110, RAX120v1 prior to 1.2.3.28, RAX120v2 prior to 1.2.3.28, RAX70 prior to 1.0.10.110, RAX78 prior to 1.0.10.110, XR450 prior to 2.3.2.130, XR500 prior to 2.3.2.130, and XR700 prior to 1.0.1.46
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-2346", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "lbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.5.32", }, { model: "wn3000rpv3", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.100", }, { model: "rax120v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.3.28", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.38", }, { model: "r6700ax", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "lbr1020", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.5.20", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.66", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.86", }, { model: "rax10", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "xr700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.46", }, { model: "rax78", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "wn3000rpv2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.90", }, { model: "rax120v1", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.3.28", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.38", }, { model: "rax70", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "ex2700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.68", }, { model: "xr450", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.130", }, { model: "xr500", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.130", }, { model: "lbr1020", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "d7800", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "lbr20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "wn3000rpv2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex2700", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r9000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700ax", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7800", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8900", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "wn3000rpv3", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017180", }, { db: "NVD", id: "CVE-2021-45603", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.66", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.68", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:wn3000rpv2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.90", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:wn3000rpv2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:wn3000rpv3_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.100", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:wn3000rpv3:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.5.20", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.5.32", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r6700ax_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r6700ax:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.86", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax120v1_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.2.3.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax120v1:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax120v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.2.3.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax120v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax70_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax70:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax78_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax78:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.130", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.130", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.46", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-45603", }, ], }, cve: "CVE-2021-45603", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 2.1, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-45603", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.9, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "cve@mitre.org", availabilityImpact: "LOW", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 4.2, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "None", baseScore: 5.5, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-45603", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-45603", trust: 1.8, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2021-45603", trust: 1, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202112-2399", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2021-45603", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2021-45603", }, { db: "JVNDB", id: "JVNDB-2021-017180", }, { db: "NVD", id: "CVE-2021-45603", }, { db: "NVD", id: "CVE-2021-45603", }, { db: "CNNVD", id: "CNNVD-202112-2399", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46. This affects D7800 prior to 1.0.1.66, EX2700 prior to 1.0.1.68, WN3000RPv2 prior to 1.0.0.90, WN3000RPv3 prior to 1.0.2.100, LBR1020 prior to 2.6.5.20, LBR20 prior to 2.6.5.32, R6700AX prior to 1.0.10.110, R7800 prior to 1.0.2.86, R8900 prior to 1.0.5.38, R9000 prior to 1.0.5.38, RAX10 prior to 1.0.10.110, RAX120v1 prior to 1.2.3.28, RAX120v2 prior to 1.2.3.28, RAX70 prior to 1.0.10.110, RAX78 prior to 1.0.10.110, XR450 prior to 2.3.2.130, XR500 prior to 2.3.2.130, and XR700 prior to 1.0.1.46", sources: [ { db: "NVD", id: "CVE-2021-45603", }, { db: "JVNDB", id: "JVNDB-2021-017180", }, { db: "VULMON", id: "CVE-2021-45603", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-45603", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-017180", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202112-2399", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-45603", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-45603", }, { db: "JVNDB", id: "JVNDB-2021-017180", }, { db: "NVD", id: "CVE-2021-45603", }, { db: "CNNVD", id: "CNNVD-202112-2399", }, ], }, id: "VAR-202112-2346", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.47625735888888887, }, last_update_date: "2023-12-18T13:06:53.578000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Command Injection & Sensitive Information Disclosure on Multiple Products, PSV-2021-0169 & PSV-2021-0171", trust: 0.8, url: "https://kb.netgear.com/000064407/security-advisory-for-post-authentication-command-injection-sensitive-information-disclosure-on-multiple-products-psv-2021-0169-psv-2021-0171", }, { title: "Netgear NETGEAR Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=177120", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017180", }, { db: "CNNVD", id: "CNNVD-202112-2399", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-200", trust: 1, }, { problemtype: "information leak (CWE-200) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017180", }, { db: "NVD", id: "CVE-2021-45603", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/", }, { trust: 1.7, url: "https://kb.netgear.com/000064407/security-advisory-for-post-authentication-command-injection-sensitive-information-disclosure-on-multiple-products-psv-2021-0169-psv-2021-0171", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-45603", }, { trust: 0.8, url: "https://www.immersivelabs.com/press/netgear-vulnerabilities-could-put-small-business-routers-at-risk/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/200.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2021-45603", }, { db: "JVNDB", id: "JVNDB-2021-017180", }, { db: "NVD", id: "CVE-2021-45603", }, { db: "CNNVD", id: "CNNVD-202112-2399", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-45603", }, { db: "JVNDB", id: "JVNDB-2021-017180", }, { db: "NVD", id: "CVE-2021-45603", }, { db: "CNNVD", id: "CNNVD-202112-2399", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-26T00:00:00", db: "VULMON", id: "CVE-2021-45603", }, { date: "2023-01-06T00:00:00", db: "JVNDB", id: "JVNDB-2021-017180", }, { date: "2021-12-26T01:15:17.853000", db: "NVD", id: "CVE-2021-45603", }, { date: "2021-12-26T00:00:00", db: "CNNVD", id: "CNNVD-202112-2399", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-01-06T00:00:00", db: "VULMON", id: "CVE-2021-45603", }, { date: "2023-01-06T06:22:00", db: "JVNDB", id: "JVNDB-2021-017180", }, { date: "2022-01-06T18:54:44.427000", db: "NVD", id: "CVE-2021-45603", }, { date: "2022-01-10T00:00:00", db: "CNNVD", id: "CNNVD-202112-2399", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202112-2399", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Device information disclosure vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2021-017180", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-202112-2399", }, ], trust: 0.6, }, }
var-202112-2354
Vulnerability from variot
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects LBR20 prior to 2.6.3.50, RBS50Y prior to 2.7.3.22, RBR10 prior to 2.7.3.22, RBR20 prior to 2.7.3.22, RBR40 prior to 2.7.3.22, RBR50 prior to 2.7.3.22, RBS10 prior to 2.7.3.22, RBS20 prior to 2.7.3.22, RBS40 prior to 2.7.3.22, RBS50 prior to 2.7.3.22, RBK12 prior to 2.7.3.22, RBK20 prior to 2.7.3.22, RBK40 prior to 2.7.3.22, and RBK50 prior to 2.7.3.22
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-2354", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rbk12", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbk20", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbs10", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbs50y", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbk50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbs20", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbr10", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbs50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbk40", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "lbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.3.50", }, { model: "rbs40", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbr40", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbs50y", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbs50", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbr40", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbs20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbr10", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbs10", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbr20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbs40", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbr50", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "lbr20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017108", }, { db: "NVD", id: "CVE-2021-45595", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-45595", }, ], }, cve: "CVE-2021-45595", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 6.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-45595", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1, impactScore: 6, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-45595", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-45595", trust: 1.8, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2021-45595", trust: 1, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202112-2391", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2021-45595", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2021-45595", }, { db: "JVNDB", id: "JVNDB-2021-017108", }, { db: "NVD", id: "CVE-2021-45595", }, { db: "NVD", id: "CVE-2021-45595", }, { db: "CNNVD", id: "CNNVD-202112-2391", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects LBR20 prior to 2.6.3.50, RBS50Y prior to 2.7.3.22, RBR10 prior to 2.7.3.22, RBR20 prior to 2.7.3.22, RBR40 prior to 2.7.3.22, RBR50 prior to 2.7.3.22, RBS10 prior to 2.7.3.22, RBS20 prior to 2.7.3.22, RBS40 prior to 2.7.3.22, RBS50 prior to 2.7.3.22, RBK12 prior to 2.7.3.22, RBK20 prior to 2.7.3.22, RBK40 prior to 2.7.3.22, and RBK50 prior to 2.7.3.22", sources: [ { db: "NVD", id: "CVE-2021-45595", }, { db: "JVNDB", id: "JVNDB-2021-017108", }, { db: "VULMON", id: "CVE-2021-45595", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-45595", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-017108", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202112-2391", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-45595", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-45595", }, { db: "JVNDB", id: "JVNDB-2021-017108", }, { db: "NVD", id: "CVE-2021-45595", }, { db: "CNNVD", id: "CNNVD-202112-2391", }, ], }, id: "VAR-202112-2354", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.2688203255555556, }, last_update_date: "2023-12-18T13:42:20.121000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Command Injection on Some WiFi Systems, PSV-2020-0462", trust: 0.8, url: "https://kb.netgear.com/000064495/security-advisory-for-post-authentication-command-injection-on-some-wifi-systems-psv-2020-0462", }, { title: "Netgear NETGEAR Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=177110", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017108", }, { db: "CNNVD", id: "CNNVD-202112-2391", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017108", }, { db: "NVD", id: "CVE-2021-45595", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000064495/security-advisory-for-post-authentication-command-injection-on-some-wifi-systems-psv-2020-0462", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-45595", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/77.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2021-45595", }, { db: "JVNDB", id: "JVNDB-2021-017108", }, { db: "NVD", id: "CVE-2021-45595", }, { db: "CNNVD", id: "CNNVD-202112-2391", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-45595", }, { db: "JVNDB", id: "JVNDB-2021-017108", }, { db: "NVD", id: "CVE-2021-45595", }, { db: "CNNVD", id: "CNNVD-202112-2391", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-26T00:00:00", db: "VULMON", id: "CVE-2021-45595", }, { date: "2023-01-04T00:00:00", db: "JVNDB", id: "JVNDB-2021-017108", }, { date: "2021-12-26T01:15:17.487000", db: "NVD", id: "CVE-2021-45595", }, { date: "2021-12-26T00:00:00", db: "CNNVD", id: "CNNVD-202112-2391", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-01-05T00:00:00", db: "VULMON", id: "CVE-2021-45595", }, { date: "2023-01-04T06:52:00", db: "JVNDB", id: "JVNDB-2021-017108", }, { date: "2022-01-05T20:38:55.570000", db: "NVD", id: "CVE-2021-45595", }, { date: "2022-01-06T00:00:00", db: "CNNVD", id: "CNNVD-202112-2391", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202112-2391", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Command injection vulnerability in device", sources: [ { db: "JVNDB", id: "JVNDB-2021-017108", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202112-2391", }, ], trust: 0.6, }, }
var-202103-0946
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360. Zero Day Initiative To this vulnerability ZDI-CAN-12360 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0946", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rbr40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "ex7700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.216", }, { model: "br200", scope: "lt", trust: 1, vendor: "netgear", version: "5.10.0.5", }, { model: "ex6400v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "xr450", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.114", }, { model: "rbk15", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk53", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbk13", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.60", }, { model: "br500", scope: "lt", trust: 1, vendor: "netgear", version: "5.10.0.5", }, { model: "ex7300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "ex7300v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6150v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.98", }, { model: "rbk12", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex7320", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6100v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.98", }, { model: "xr500", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.114", }, { model: "rbs20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk23", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex6410", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6250", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "rbk20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbs50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbs10", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbs50y", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "lbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.3.50", }, { model: "xr700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.38", }, { model: "rbs40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk14", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.232", }, { model: "ex6420", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.80", }, { model: "rbk50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.28", }, { model: "rbk43", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbr10", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbk43s", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk44", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.28", }, { model: "ex6150v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6400v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6100v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "d7800", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "br200", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6250", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6420", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6410", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "br500", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7800", scope: null, trust: 0.7, vendor: "netgear", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-21-263", }, { db: "JVNDB", id: "JVNDB-2021-004433", }, { db: "NVD", id: "CVE-2021-27255", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.60", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.216", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.232", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.80", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-27255", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "STARLabs", sources: [ { db: "ZDI", id: "ZDI-21-263", }, ], trust: 0.7, }, cve: "CVE-2021-27255", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 8.3, confidentialityImpact: "COMPLETE", exploitabilityScore: 6.5, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 8.3, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-27255", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "zdi-disclosures@trendmicro.com", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 3.4, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-27255", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "ZDI", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, id: "CVE-2021-27255", impactScore: 3.4, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "NONE", vectorString: "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-27255", trust: 1.8, value: "HIGH", }, { author: "zdi-disclosures@trendmicro.com", id: "CVE-2021-27255", trust: 1, value: "MEDIUM", }, { author: "ZDI", id: "CVE-2021-27255", trust: 0.7, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202102-1751", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-21-263", }, { db: "JVNDB", id: "JVNDB-2021-004433", }, { db: "NVD", id: "CVE-2021-27255", }, { db: "NVD", id: "CVE-2021-27255", }, { db: "CNNVD", id: "CNNVD-202102-1751", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360. Zero Day Initiative To this vulnerability ZDI-CAN-12360 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2021-27255", }, { db: "JVNDB", id: "JVNDB-2021-004433", }, { db: "ZDI", id: "ZDI-21-263", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-27255", trust: 3.1, }, { db: "ZDI", id: "ZDI-21-263", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2021-004433", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-12360", trust: 0.7, }, { db: "CNNVD", id: "CNNVD-202102-1751", trust: 0.6, }, ], sources: [ { db: "ZDI", id: "ZDI-21-263", }, { db: "JVNDB", id: "JVNDB-2021-004433", }, { db: "NVD", id: "CVE-2021-27255", }, { db: "CNNVD", id: "CNNVD-202102-1751", }, ], }, id: "VAR-202103-0946", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.28795077578947376, }, last_update_date: "2023-12-18T13:17:54.436000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Multiple Vulnerabilities on Some Routers, Satellites, and Extenders", trust: 1.5, url: "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders", }, { title: "NETGEAR Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=142982", }, ], sources: [ { db: "ZDI", id: "ZDI-21-263", }, { db: "JVNDB", id: "JVNDB-2021-004433", }, { db: "CNNVD", id: "CNNVD-202102-1751", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-306", trust: 1, }, { problemtype: "Lack of authentication for important features (CWE-306) [ Other ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-004433", }, { db: "NVD", id: "CVE-2021-27255", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3, url: "https://www.zerodayinitiative.com/advisories/zdi-21-263/", }, { trust: 2.3, url: "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-27255", }, ], sources: [ { db: "ZDI", id: "ZDI-21-263", }, { db: "JVNDB", id: "JVNDB-2021-004433", }, { db: "NVD", id: "CVE-2021-27255", }, { db: "CNNVD", id: "CNNVD-202102-1751", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-21-263", }, { db: "JVNDB", id: "JVNDB-2021-004433", }, { db: "NVD", id: "CVE-2021-27255", }, { db: "CNNVD", id: "CNNVD-202102-1751", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-26T00:00:00", db: "ZDI", id: "ZDI-21-263", }, { date: "2021-11-22T00:00:00", db: "JVNDB", id: "JVNDB-2021-004433", }, { date: "2021-03-05T20:15:12.457000", db: "NVD", id: "CVE-2021-27255", }, { date: "2021-02-26T00:00:00", db: "CNNVD", id: "CNNVD-202102-1751", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-26T00:00:00", db: "ZDI", id: "ZDI-21-263", }, { date: "2021-11-22T05:55:00", db: "JVNDB", id: "JVNDB-2021-004433", }, { date: "2021-03-16T19:31:18.540000", db: "NVD", id: "CVE-2021-27255", }, { date: "2021-03-19T00:00:00", db: "CNNVD", id: "CNNVD-202102-1751", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202102-1751", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "NETGEAR R7800 Vulnerability regarding lack of authentication for important functions in firmware", sources: [ { db: "JVNDB", id: "JVNDB-2021-004433", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "access control error", sources: [ { db: "CNNVD", id: "CNNVD-202102-1751", }, ], trust: 0.6, }, }
var-202112-2301
Vulnerability from variot
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EX6100v2 before 1.0.1.106, EX6150v2 before 1.0.1.106, EX6250 before 1.0.0.146, EX6400 before 1.0.2.164, EX6400v2 before 1.0.0.146, EX6410 before 1.0.0.146, EX6420 before 1.0.0.146, EX7300 before 1.0.2.164, EX7300v2 before 1.0.0.146, EX7320 before 1.0.0.146, EX7700 before 1.0.0.222, LBR1020 before 2.6.5.16, LBR20 before 2.6.5.2, RBK352 before 4.3.4.7, RBK50 before 2.7.3.22, RBR350 before 4.3.4.7, RBR50 before 2.7.3.22, and RBS350 before 4.3.4.7. This affects EX6100v2 prior to 1.0.1.106, EX6150v2 prior to 1.0.1.106, EX6250 prior to 1.0.0.146, EX6400 prior to 1.0.2.164, EX6400v2 prior to 1.0.0.146, EX6410 prior to 1.0.0.146, EX6420 prior to 1.0.0.146, EX7300 prior to 1.0.2.164, EX7300v2 prior to 1.0.0.146, EX7320 prior to 1.0.0.146, EX7700 prior to 1.0.0.222, LBR1020 prior to 2.6.5.16, LBR20 prior to 2.6.5.2, RBK352 prior to 4.3.4.7, RBK50 prior to 2.7.3.22, RBR350 prior to 4.3.4.7, RBR50 prior to 2.7.3.22, and RBS350 prior to 4.3.4.7
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-2301", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "ex6150v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.106", }, { model: "rbs350", scope: "lt", trust: 1, vendor: "netgear", version: "4.3.4.7", }, { model: "lbr1020", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.5.16", }, { model: "lbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.5.2", }, { model: "ex6250", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.146", }, { model: "ex6400v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.146", }, { model: "ex6410", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.146", }, { model: "ex7700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.222", }, { model: "rbk352", scope: "lt", trust: 1, vendor: "netgear", version: "4.3.4.7", }, { model: "ex6100v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.106", }, { model: "rbk50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "ex7300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.164", }, { model: "rbr350", scope: "lt", trust: 1, vendor: "netgear", version: "4.3.4.7", }, { model: "ex6420", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.146", }, { model: "ex7300v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.146", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "ex7320", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.146", }, { model: "ex6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.164", }, { model: "ex7300v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex7320", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6420", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6150v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6100v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex7300", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6400v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6250", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6410", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017540", }, { db: "NVD", id: "CVE-2021-45648", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.106", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.106", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.146", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.164", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.146", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.146", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.146", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.164", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.146", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.146", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.222", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.5.16", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.5.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk352_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.3.4.7", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk352:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr350_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.3.4.7", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr350:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs350_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.3.4.7", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs350:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-45648", }, ], }, cve: "CVE-2021-45648", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-45648", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", author: "cve@mitre.org", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", exploitabilityScore: 1.6, impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-45648", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-45648", trust: 1.8, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2021-45648", trust: 1, value: "LOW", }, { author: "CNNVD", id: "CNNVD-202112-2444", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017540", }, { db: "NVD", id: "CVE-2021-45648", }, { db: "NVD", id: "CVE-2021-45648", }, { db: "CNNVD", id: "CNNVD-202112-2444", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EX6100v2 before 1.0.1.106, EX6150v2 before 1.0.1.106, EX6250 before 1.0.0.146, EX6400 before 1.0.2.164, EX6400v2 before 1.0.0.146, EX6410 before 1.0.0.146, EX6420 before 1.0.0.146, EX7300 before 1.0.2.164, EX7300v2 before 1.0.0.146, EX7320 before 1.0.0.146, EX7700 before 1.0.0.222, LBR1020 before 2.6.5.16, LBR20 before 2.6.5.2, RBK352 before 4.3.4.7, RBK50 before 2.7.3.22, RBR350 before 4.3.4.7, RBR50 before 2.7.3.22, and RBS350 before 4.3.4.7. This affects EX6100v2 prior to 1.0.1.106, EX6150v2 prior to 1.0.1.106, EX6250 prior to 1.0.0.146, EX6400 prior to 1.0.2.164, EX6400v2 prior to 1.0.0.146, EX6410 prior to 1.0.0.146, EX6420 prior to 1.0.0.146, EX7300 prior to 1.0.2.164, EX7300v2 prior to 1.0.0.146, EX7320 prior to 1.0.0.146, EX7700 prior to 1.0.0.222, LBR1020 prior to 2.6.5.16, LBR20 prior to 2.6.5.2, RBK352 prior to 4.3.4.7, RBK50 prior to 2.7.3.22, RBR350 prior to 4.3.4.7, RBR50 prior to 2.7.3.22, and RBS350 prior to 4.3.4.7", sources: [ { db: "NVD", id: "CVE-2021-45648", }, { db: "JVNDB", id: "JVNDB-2021-017540", }, { db: "VULMON", id: "CVE-2021-45648", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-45648", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-017540", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202112-2444", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-45648", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-45648", }, { db: "JVNDB", id: "JVNDB-2021-017540", }, { db: "NVD", id: "CVE-2021-45648", }, { db: "CNNVD", id: "CNNVD-202112-2444", }, ], }, id: "VAR-202112-2301", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.324391102, }, last_update_date: "2023-12-18T13:22:38.234000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Sensitive Information Disclosure on Some Routers, Extenders, and WiFi Systems, PSV-2020-0453", trust: 0.8, url: "https://kb.netgear.com/000064494/security-advisory-for-sensitive-information-disclosure-on-some-routers-extenders-and-wifi-systems-psv-2020-0453", }, { title: "Netgear NETGEAR Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=176206", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017540", }, { db: "CNNVD", id: "CNNVD-202112-2444", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-200", trust: 1, }, { problemtype: "information leak (CWE-200) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017540", }, { db: "NVD", id: "CVE-2021-45648", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000064494/security-advisory-for-sensitive-information-disclosure-on-some-routers-extenders-and-wifi-systems-psv-2020-0453", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2021-45648", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2021-45648", }, { db: "JVNDB", id: "JVNDB-2021-017540", }, { db: "NVD", id: "CVE-2021-45648", }, { db: "CNNVD", id: "CNNVD-202112-2444", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-45648", }, { db: "JVNDB", id: "JVNDB-2021-017540", }, { db: "NVD", id: "CVE-2021-45648", }, { db: "CNNVD", id: "CNNVD-202112-2444", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-26T00:00:00", db: "VULMON", id: "CVE-2021-45648", }, { date: "2023-01-25T00:00:00", db: "JVNDB", id: "JVNDB-2021-017540", }, { date: "2021-12-26T01:15:20.010000", db: "NVD", id: "CVE-2021-45648", }, { date: "2021-12-26T00:00:00", db: "CNNVD", id: "CNNVD-202112-2444", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-27T00:00:00", db: "VULMON", id: "CVE-2021-45648", }, { date: "2023-01-25T01:50:00", db: "JVNDB", id: "JVNDB-2021-017540", }, { date: "2022-01-10T20:05:40.473000", db: "NVD", id: "CVE-2021-45648", }, { date: "2022-01-11T00:00:00", db: "CNNVD", id: "CNNVD-202112-2444", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202112-2444", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Device information disclosure vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2021-017540", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-202112-2444", }, ], trust: 0.6, }, }
var-202103-0947
Vulnerability from variot
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355. NETGEAR R7800 For firmware, OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-12355 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0947", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rbr40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "ex7700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.216", }, { model: "br200", scope: "lt", trust: 1, vendor: "netgear", version: "5.10.0.5", }, { model: "ex6400v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "xr450", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.114", }, { model: "rbk15", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk53", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbk13", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.60", }, { model: "br500", scope: "lt", trust: 1, vendor: "netgear", version: "5.10.0.5", }, { model: "ex7300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "ex7300v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6150v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.98", }, { model: "rbk12", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex7320", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6100v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.98", }, { model: "xr500", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.114", }, { model: "rbs20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk23", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex6410", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6250", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "rbk20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbs50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbs10", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbs50y", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "lbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.3.50", }, { model: "xr700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.38", }, { model: "rbs40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk14", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.232", }, { model: "ex6420", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.80", }, { model: "rbk50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.28", }, { model: "rbk43", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbr10", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbk43s", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk44", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.28", }, { model: "ex6150v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6400v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6100v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "d7800", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "br200", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6250", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6420", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6410", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "br500", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7800", scope: null, trust: 0.7, vendor: "netgear", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-21-262", }, { db: "JVNDB", id: "JVNDB-2021-004431", }, { db: "NVD", id: "CVE-2021-27256", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.60", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.216", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.232", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.80", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-27256", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "takeshi", sources: [ { db: "ZDI", id: "ZDI-21-262", }, ], trust: 0.7, }, cve: "CVE-2021-27256", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 8.3, confidentialityImpact: "COMPLETE", exploitabilityScore: 6.5, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 8.3, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-27256", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "zdi-disclosures@trendmicro.com", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-27256", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "ZDI", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2021-27256", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "NONE", vectorString: "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-27256", trust: 1.8, value: "HIGH", }, { author: "zdi-disclosures@trendmicro.com", id: "CVE-2021-27256", trust: 1, value: "HIGH", }, { author: "ZDI", id: "CVE-2021-27256", trust: 0.7, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202102-1749", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2021-27256", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-21-262", }, { db: "VULMON", id: "CVE-2021-27256", }, { db: "JVNDB", id: "JVNDB-2021-004431", }, { db: "CNNVD", id: "CNNVD-202102-1749", }, { db: "NVD", id: "CVE-2021-27256", }, { db: "NVD", id: "CVE-2021-27256", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355. NETGEAR R7800 For firmware, OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-12355 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2021-27256", }, { db: "JVNDB", id: "JVNDB-2021-004431", }, { db: "ZDI", id: "ZDI-21-262", }, { db: "VULMON", id: "CVE-2021-27256", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-27256", trust: 3.2, }, { db: "ZDI", id: "ZDI-21-262", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2021-004431", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-12355", trust: 0.7, }, { db: "CNNVD", id: "CNNVD-202102-1749", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-27256", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-21-262", }, { db: "VULMON", id: "CVE-2021-27256", }, { db: "JVNDB", id: "JVNDB-2021-004431", }, { db: "CNNVD", id: "CNNVD-202102-1749", }, { db: "NVD", id: "CVE-2021-27256", }, ], }, id: "VAR-202103-0947", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.28795077578947376, }, last_update_date: "2024-02-06T22:54:55.671000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Multiple Vulnerabilities on Some Routers, Satellites, and Extenders", trust: 1.5, url: "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders", }, { title: "NETGEAR Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=142980", }, ], sources: [ { db: "ZDI", id: "ZDI-21-262", }, { db: "JVNDB", id: "JVNDB-2021-004431", }, { db: "CNNVD", id: "CNNVD-202102-1749", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "OS Command injection (CWE-78) [ Other ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-004431", }, { db: "NVD", id: "CVE-2021-27256", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3.2, url: "https://www.zerodayinitiative.com/advisories/zdi-21-262/", }, { trust: 2.4, url: "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-27256", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/78.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-21-262", }, { db: "VULMON", id: "CVE-2021-27256", }, { db: "JVNDB", id: "JVNDB-2021-004431", }, { db: "CNNVD", id: "CNNVD-202102-1749", }, { db: "NVD", id: "CVE-2021-27256", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-21-262", }, { db: "VULMON", id: "CVE-2021-27256", }, { db: "JVNDB", id: "JVNDB-2021-004431", }, { db: "CNNVD", id: "CNNVD-202102-1749", }, { db: "NVD", id: "CVE-2021-27256", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-26T00:00:00", db: "ZDI", id: "ZDI-21-262", }, { date: "2021-03-05T00:00:00", db: "VULMON", id: "CVE-2021-27256", }, { date: "2021-11-22T00:00:00", db: "JVNDB", id: "JVNDB-2021-004431", }, { date: "2021-02-26T00:00:00", db: "CNNVD", id: "CNNVD-202102-1749", }, { date: "2021-03-05T20:15:12.550000", db: "NVD", id: "CVE-2021-27256", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-26T00:00:00", db: "ZDI", id: "ZDI-21-262", }, { date: "2021-03-16T00:00:00", db: "VULMON", id: "CVE-2021-27256", }, { date: "2021-11-22T05:39:00", db: "JVNDB", id: "JVNDB-2021-004431", }, { date: "2021-03-19T00:00:00", db: "CNNVD", id: "CNNVD-202102-1749", }, { date: "2021-03-16T19:35:09.947000", db: "NVD", id: "CVE-2021-27256", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202102-1749", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "NETGEAR R7800 In firmware OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2021-004431", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202102-1749", }, ], trust: 0.6, }, }
var-202104-1037
Vulnerability from variot
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308. Zero Day Initiative To this vulnerability ZDI-CAN-12308 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202104-1037", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rbr40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "ex7700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.216", }, { model: "br200", scope: "lt", trust: 1, vendor: "netgear", version: "5.10.0.5", }, { model: "ex6400v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "xr450", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.114", }, { model: "rbk15", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk53", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.60", }, { model: "br500", scope: "lt", trust: 1, vendor: "netgear", version: "5.10.0.5", }, { model: "rbk12", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex7300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "ex7300v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "rbk13", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex7320", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6100v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.98", }, { model: "xr500", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.114", }, { model: "rbs20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk23", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex6410", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.98", }, { model: "ex6250", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "rbk20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbs50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbs10", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbs50y", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "lbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.3.50", }, { model: "xr700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.38", }, { model: "rbs40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk14", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.232", }, { model: "ex6420", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.80", }, { model: "rbk50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.28", }, { model: "rbk43", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbr10", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbk43s", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk44", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.28", }, { model: "br500", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7800", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6410", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6150", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "d7800", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6100v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6250", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "br200", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6400v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7800", scope: null, trust: 0.7, vendor: "netgear", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-21-247", }, { db: "JVNDB", id: "JVNDB-2021-006381", }, { db: "NVD", id: "CVE-2021-27251", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.60", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400:v2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300:v2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.216", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.232", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.80", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-27251", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Team FLASHBACK: Pedro Ribeiro (@pedrib1337 | pedrib@gmail.com) + Radek Domanski (@RabbitPro)", sources: [ { db: "ZDI", id: "ZDI-21-247", }, ], trust: 0.7, }, cve: "CVE-2021-27251", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 8.3, confidentialityImpact: "COMPLETE", exploitabilityScore: 6.5, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 8.3, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-27251", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "zdi-disclosures@trendmicro.com", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-27251", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "ZDI", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2021-27251", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "NONE", vectorString: "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-27251", trust: 1.8, value: "HIGH", }, { author: "zdi-disclosures@trendmicro.com", id: "CVE-2021-27251", trust: 1, value: "HIGH", }, { author: "ZDI", id: "CVE-2021-27251", trust: 0.7, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202104-1136", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-21-247", }, { db: "JVNDB", id: "JVNDB-2021-006381", }, { db: "NVD", id: "CVE-2021-27251", }, { db: "NVD", id: "CVE-2021-27251", }, { db: "CNNVD", id: "CNNVD-202104-1136", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308. Zero Day Initiative To this vulnerability ZDI-CAN-12308 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2021-27251", }, { db: "JVNDB", id: "JVNDB-2021-006381", }, { db: "ZDI", id: "ZDI-21-247", }, { db: "VULMON", id: "CVE-2021-27251", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-27251", trust: 4, }, { db: "ZDI", id: "ZDI-21-247", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2021-006381", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-12308", trust: 0.7, }, { db: "CNNVD", id: "CNNVD-202104-1136", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-27251", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-21-247", }, { db: "VULMON", id: "CVE-2021-27251", }, { db: "JVNDB", id: "JVNDB-2021-006381", }, { db: "NVD", id: "CVE-2021-27251", }, { db: "CNNVD", id: "CNNVD-202104-1136", }, ], }, id: "VAR-202104-1037", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.27871401555555564, }, last_update_date: "2023-12-18T13:22:56.248000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Multiple Vulnerabilities on Some Routers, Satellites, and Extenders", trust: 1.5, url: "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders", }, { title: "Netgear NETGEAR Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=147498", }, ], sources: [ { db: "ZDI", id: "ZDI-21-247", }, { db: "JVNDB", id: "JVNDB-2021-006381", }, { db: "CNNVD", id: "CNNVD-202104-1136", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-319", trust: 1, }, { problemtype: "Sending important information in clear text (CWE-319) [ Other ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-006381", }, { db: "NVD", id: "CVE-2021-27251", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.6, url: "https://www.zerodayinitiative.com/advisories/zdi-21-247/", }, { trust: 2.4, url: "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-27251", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/319.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-21-247", }, { db: "VULMON", id: "CVE-2021-27251", }, { db: "JVNDB", id: "JVNDB-2021-006381", }, { db: "NVD", id: "CVE-2021-27251", }, { db: "CNNVD", id: "CNNVD-202104-1136", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-21-247", }, { db: "VULMON", id: "CVE-2021-27251", }, { db: "JVNDB", id: "JVNDB-2021-006381", }, { db: "NVD", id: "CVE-2021-27251", }, { db: "CNNVD", id: "CNNVD-202104-1136", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-24T00:00:00", db: "ZDI", id: "ZDI-21-247", }, { date: "2021-04-14T00:00:00", db: "VULMON", id: "CVE-2021-27251", }, { date: "2022-01-06T00:00:00", db: "JVNDB", id: "JVNDB-2021-006381", }, { date: "2021-04-14T16:15:13.657000", db: "NVD", id: "CVE-2021-27251", }, { date: "2021-04-14T00:00:00", db: "CNNVD", id: "CNNVD-202104-1136", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-24T00:00:00", db: "ZDI", id: "ZDI-21-247", }, { date: "2021-04-27T00:00:00", db: "VULMON", id: "CVE-2021-27251", }, { date: "2022-01-06T05:00:00", db: "JVNDB", id: "JVNDB-2021-006381", }, { date: "2021-04-27T14:50:32.750000", db: "NVD", id: "CVE-2021-27251", }, { date: "2021-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202104-1136", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202104-1136", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "NETGEAR Nighthawk R7800 Vulnerability in plaintext transmission of important information in", sources: [ { db: "JVNDB", id: "JVNDB-2021-006381", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202104-1136", }, ], trust: 0.6, }, }
var-202112-2347
Vulnerability from variot
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46. plural NETGEAR On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D7800 prior to 1.0.1.66, EX2700 prior to 1.0.1.68, WN3000RPv2 prior to 1.0.0.90, WN3000RPv3 prior to 1.0.2.100, LBR1020 prior to 2.6.5.20, LBR20 prior to 2.6.5.32, R6700AX prior to 1.0.10.110, R7800 prior to 1.0.2.86, R8900 prior to 1.0.5.38, R9000 prior to 1.0.5.38, RAX10 prior to 1.0.10.110, RAX120v1 prior to 1.2.3.28, RAX120v2 prior to 1.2.3.28, RAX70 prior to 1.0.10.110, RAX78 prior to 1.0.10.110, XR450 prior to 2.3.2.130, XR500 prior to 2.3.2.130, and XR700 prior to 1.0.1.46
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-2347", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "lbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.5.32", }, { model: "wn3000rpv3", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.100", }, { model: "rax120v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.3.28", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.38", }, { model: "r6700ax", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "lbr1020", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.5.20", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.66", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.86", }, { model: "rax10", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "xr700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.46", }, { model: "rax78", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "wn3000rpv2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.90", }, { model: "rax120v1", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.3.28", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.38", }, { model: "rax70", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "ex2700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.68", }, { model: "xr450", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.130", }, { model: "xr500", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.130", }, { model: "lbr1020", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "d7800", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "lbr20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "wn3000rpv2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex2700", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r9000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700ax", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7800", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8900", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "wn3000rpv3", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017181", }, { db: "NVD", id: "CVE-2021-45602", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.66", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.68", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:wn3000rpv2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.90", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:wn3000rpv2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:wn3000rpv3_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.100", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:wn3000rpv3:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.5.20", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.5.32", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r6700ax_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r6700ax:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.86", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax120v1_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.2.3.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax120v1:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax120v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.2.3.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax120v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax70_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax70:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax78_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax78:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.130", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.130", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.46", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-45602", }, ], }, cve: "CVE-2021-45602", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 4.6, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-45602", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "cve@mitre.org", availabilityImpact: "LOW", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 4.2, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-45602", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-45602", trust: 1.8, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2021-45602", trust: 1, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202112-2398", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2021-45602", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2021-45602", }, { db: "JVNDB", id: "JVNDB-2021-017181", }, { db: "NVD", id: "CVE-2021-45602", }, { db: "NVD", id: "CVE-2021-45602", }, { db: "CNNVD", id: "CNNVD-202112-2398", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46. plural NETGEAR On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D7800 prior to 1.0.1.66, EX2700 prior to 1.0.1.68, WN3000RPv2 prior to 1.0.0.90, WN3000RPv3 prior to 1.0.2.100, LBR1020 prior to 2.6.5.20, LBR20 prior to 2.6.5.32, R6700AX prior to 1.0.10.110, R7800 prior to 1.0.2.86, R8900 prior to 1.0.5.38, R9000 prior to 1.0.5.38, RAX10 prior to 1.0.10.110, RAX120v1 prior to 1.2.3.28, RAX120v2 prior to 1.2.3.28, RAX70 prior to 1.0.10.110, RAX78 prior to 1.0.10.110, XR450 prior to 2.3.2.130, XR500 prior to 2.3.2.130, and XR700 prior to 1.0.1.46", sources: [ { db: "NVD", id: "CVE-2021-45602", }, { db: "JVNDB", id: "JVNDB-2021-017181", }, { db: "VULMON", id: "CVE-2021-45602", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-45602", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-017181", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202112-2398", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-45602", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-45602", }, { db: "JVNDB", id: "JVNDB-2021-017181", }, { db: "NVD", id: "CVE-2021-45602", }, { db: "CNNVD", id: "CNNVD-202112-2398", }, ], }, id: "VAR-202112-2347", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.47625735888888887, }, last_update_date: "2023-12-18T13:01:00.102000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Command Injection & Sensitive Information Disclosure on Multiple Products, PSV-2021-0169 & PSV-2021-0171", trust: 0.8, url: "https://kb.netgear.com/000064407/security-advisory-for-post-authentication-command-injection-sensitive-information-disclosure-on-multiple-products-psv-2021-0169-psv-2021-0171", }, { title: "Netgear NETGEAR Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=177119", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017181", }, { db: "CNNVD", id: "CNNVD-202112-2398", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "OS Command injection (CWE-78) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017181", }, { db: "NVD", id: "CVE-2021-45602", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/", }, { trust: 1.7, url: "https://kb.netgear.com/000064407/security-advisory-for-post-authentication-command-injection-sensitive-information-disclosure-on-multiple-products-psv-2021-0169-psv-2021-0171", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-45602", }, { trust: 0.8, url: "https://www.immersivelabs.com/press/netgear-vulnerabilities-could-put-small-business-routers-at-risk/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/77.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2021-45602", }, { db: "JVNDB", id: "JVNDB-2021-017181", }, { db: "NVD", id: "CVE-2021-45602", }, { db: "CNNVD", id: "CNNVD-202112-2398", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-45602", }, { db: "JVNDB", id: "JVNDB-2021-017181", }, { db: "NVD", id: "CVE-2021-45602", }, { db: "CNNVD", id: "CNNVD-202112-2398", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-26T00:00:00", db: "VULMON", id: "CVE-2021-45602", }, { date: "2023-01-06T00:00:00", db: "JVNDB", id: "JVNDB-2021-017181", }, { date: "2021-12-26T01:15:17.803000", db: "NVD", id: "CVE-2021-45602", }, { date: "2021-12-26T00:00:00", db: "CNNVD", id: "CNNVD-202112-2398", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-01-06T00:00:00", db: "VULMON", id: "CVE-2021-45602", }, { date: "2023-01-06T06:33:00", db: "JVNDB", id: "JVNDB-2021-017181", }, { date: "2022-07-12T17:42:04.277000", db: "NVD", id: "CVE-2021-45602", }, { date: "2022-07-14T00:00:00", db: "CNNVD", id: "CNNVD-202112-2398", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202112-2398", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR On the device OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2021-017181", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202112-2398", }, ], trust: 0.6, }, }
var-202112-2307
Vulnerability from variot
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.64, EX6250 before 1.0.0.134, EX7700 before 1.0.0.222, LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, R8900 before 1.0.5.26, R9000 before 1.0.5.26, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.36, EX7320 before 1.0.0.134, RAX120 before 1.2.2.24, EX7300v2 before 1.0.0.134, RAX120v2 before 1.2.2.24, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22. plural NETGEAR There is an unspecified vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D7800 prior to 1.0.1.64, EX6250 prior to 1.0.0.134, EX7700 prior to 1.0.0.222, LBR20 prior to 2.6.3.50, RBS50Y prior to 2.7.3.22, R8900 prior to 1.0.5.26, R9000 prior to 1.0.5.26, XR450 prior to 2.3.2.66, XR500 prior to 2.3.2.66, XR700 prior to 1.0.1.36, EX7320 prior to 1.0.0.134, RAX120 prior to 1.2.2.24, EX7300v2 prior to 1.0.0.134, RAX120v2 prior to 1.2.2.24, EX6410 prior to 1.0.0.134, RBR10 prior to 2.7.3.22, RBR20 prior to 2.7.3.22, RBR40 prior to 2.7.3.22, RBR50 prior to 2.7.3.22, EX6420 prior to 1.0.0.134, RBS10 prior to 2.7.3.22, RBS20 prior to 2.7.3.22, RBS40 prior to 2.7.3.22, RBS50 prior to 2.7.3.22, EX6400v2 prior to 1.0.0.134, RBK12 prior to 2.7.3.22, RBK20 prior to 2.7.3.22, RBK40 prior to 2.7.3.22, and RBK50 prior to 2.7.3.22
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-2307", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rbk12", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "ex7700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.222", }, { model: "rbk20", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbs10", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbs50y", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbk50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "ex6250", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "xr450", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.66", }, { model: "rax120v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.2.24", }, { model: "ex6400v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "rbk40", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "lbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.3.50", }, { model: "rbs40", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.26", }, { model: "ex6420", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex7300v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.64", }, { model: "ex7320", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "rax120", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.2.24", }, { model: "rbs20", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "rbr10", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "xr500", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.66", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.26", }, { model: "xr700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.36", }, { model: "rbs50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "ex6410", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "rbr40", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.3.22", }, { model: "r8900", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbs50", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbs10", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "d7800", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "lbr20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbs40", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbs20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbs50y", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6250", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex7700", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017512", }, { db: "NVD", id: "CVE-2021-45642", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.64", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.222", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50y_firmware:2.7.3.22:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.26", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.26", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.66", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.66", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.36", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.2.2.24", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rax120v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.2.2.24", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rax120v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-45642", }, ], }, cve: "CVE-2021-45642", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-45642", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.2, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "cve@mitre.org", availabilityImpact: "LOW", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "LOW", exploitabilityScore: 1.7, impactScore: 5.3, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.2, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-45642", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-45642", trust: 1.8, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2021-45642", trust: 1, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202112-2443", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2021-45642", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2021-45642", }, { db: "JVNDB", id: "JVNDB-2021-017512", }, { db: "NVD", id: "CVE-2021-45642", }, { db: "NVD", id: "CVE-2021-45642", }, { db: "CNNVD", id: "CNNVD-202112-2443", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.64, EX6250 before 1.0.0.134, EX7700 before 1.0.0.222, LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, R8900 before 1.0.5.26, R9000 before 1.0.5.26, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.36, EX7320 before 1.0.0.134, RAX120 before 1.2.2.24, EX7300v2 before 1.0.0.134, RAX120v2 before 1.2.2.24, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22. plural NETGEAR There is an unspecified vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D7800 prior to 1.0.1.64, EX6250 prior to 1.0.0.134, EX7700 prior to 1.0.0.222, LBR20 prior to 2.6.3.50, RBS50Y prior to 2.7.3.22, R8900 prior to 1.0.5.26, R9000 prior to 1.0.5.26, XR450 prior to 2.3.2.66, XR500 prior to 2.3.2.66, XR700 prior to 1.0.1.36, EX7320 prior to 1.0.0.134, RAX120 prior to 1.2.2.24, EX7300v2 prior to 1.0.0.134, RAX120v2 prior to 1.2.2.24, EX6410 prior to 1.0.0.134, RBR10 prior to 2.7.3.22, RBR20 prior to 2.7.3.22, RBR40 prior to 2.7.3.22, RBR50 prior to 2.7.3.22, EX6420 prior to 1.0.0.134, RBS10 prior to 2.7.3.22, RBS20 prior to 2.7.3.22, RBS40 prior to 2.7.3.22, RBS50 prior to 2.7.3.22, EX6400v2 prior to 1.0.0.134, RBK12 prior to 2.7.3.22, RBK20 prior to 2.7.3.22, RBK40 prior to 2.7.3.22, and RBK50 prior to 2.7.3.22", sources: [ { db: "NVD", id: "CVE-2021-45642", }, { db: "JVNDB", id: "JVNDB-2021-017512", }, { db: "VULMON", id: "CVE-2021-45642", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-45642", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-017512", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202112-2443", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-45642", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-45642", }, { db: "JVNDB", id: "JVNDB-2021-017512", }, { db: "NVD", id: "CVE-2021-45642", }, { db: "CNNVD", id: "CNNVD-202112-2443", }, ], }, id: "VAR-202112-2307", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.269214052, }, last_update_date: "2023-12-18T12:42:09.015000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Security Misconfiguration on Some Routers, Extenders, and WiFi Systems, PSV-2020-0427", trust: 0.8, url: "https://kb.netgear.com/000064491/security-advisory-for-security-misconfiguration-on-some-routers-extenders-and-wifi-systems-psv-2020-0427", }, { title: "Netgear NETGEAR Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=176679", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017512", }, { db: "CNNVD", id: "CNNVD-202112-2443", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "Lack of information (CWE-noinfo) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017512", }, { db: "NVD", id: "CVE-2021-45642", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000064491/security-advisory-for-security-misconfiguration-on-some-routers-extenders-and-wifi-systems-psv-2020-0427", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-45642", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2021-45642", }, { db: "JVNDB", id: "JVNDB-2021-017512", }, { db: "NVD", id: "CVE-2021-45642", }, { db: "CNNVD", id: "CNNVD-202112-2443", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-45642", }, { db: "JVNDB", id: "JVNDB-2021-017512", }, { db: "NVD", id: "CVE-2021-45642", }, { db: "CNNVD", id: "CNNVD-202112-2443", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-26T00:00:00", db: "VULMON", id: "CVE-2021-45642", }, { date: "2023-01-24T00:00:00", db: "JVNDB", id: "JVNDB-2021-017512", }, { date: "2021-12-26T01:15:19.737000", db: "NVD", id: "CVE-2021-45642", }, { date: "2021-12-26T00:00:00", db: "CNNVD", id: "CNNVD-202112-2443", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-01-12T00:00:00", db: "VULMON", id: "CVE-2021-45642", }, { date: "2023-01-24T05:15:00", db: "JVNDB", id: "JVNDB-2021-017512", }, { date: "2022-01-12T14:12:01.757000", db: "NVD", id: "CVE-2021-45642", }, { date: "2022-01-13T00:00:00", db: "CNNVD", id: "CNNVD-202112-2443", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202112-2443", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2021-017512", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202112-2443", }, ], trust: 0.6, }, }
var-202103-0945
Vulnerability from variot
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287. Zero Day Initiative To this vulnerability ZDI-CAN-12287 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0945", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rbr40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "ex7700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.216", }, { model: "br200", scope: "lt", trust: 1, vendor: "netgear", version: "5.10.0.5", }, { model: "ex6400v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "xr450", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.114", }, { model: "rbk15", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk53", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbk13", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.60", }, { model: "br500", scope: "lt", trust: 1, vendor: "netgear", version: "5.10.0.5", }, { model: "ex7300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "ex7300v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6150v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.98", }, { model: "rbk12", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex7320", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6100v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.98", }, { model: "xr500", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.114", }, { model: "rbs20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk23", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex6410", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "ex6250", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "rbk20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbs50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbs10", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbs50y", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "lbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.3.50", }, { model: "xr700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.38", }, { model: "rbs40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk14", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.232", }, { model: "ex6420", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.134", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.80", }, { model: "rbk50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "ex6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.28", }, { model: "rbk43", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbr10", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.7.2.104", }, { model: "rbk43s", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "rbk44", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.2.104", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.28", }, { model: "ex6150v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6400v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6100v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "d7800", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "br200", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6250", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6420", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6410", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "br500", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7800", scope: null, trust: 0.7, vendor: "netgear", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-21-252", }, { db: "JVNDB", id: "JVNDB-2021-004434", }, { db: "NVD", id: "CVE-2021-27254", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.60", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.216", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.232", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.2.80", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-27254", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "84c0", sources: [ { db: "ZDI", id: "ZDI-21-252", }, ], trust: 0.7, }, cve: "CVE-2021-27254", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 8.3, confidentialityImpact: "COMPLETE", exploitabilityScore: 6.5, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 8.3, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-27254", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "zdi-disclosures@trendmicro.com", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 3.4, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-27254", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "ZDI", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, id: "CVE-2021-27254", impactScore: 3.4, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "NONE", vectorString: "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-27254", trust: 1.8, value: "HIGH", }, { author: "zdi-disclosures@trendmicro.com", id: "CVE-2021-27254", trust: 1, value: "MEDIUM", }, { author: "ZDI", id: "CVE-2021-27254", trust: 0.7, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202102-1677", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-21-252", }, { db: "JVNDB", id: "JVNDB-2021-004434", }, { db: "NVD", id: "CVE-2021-27254", }, { db: "NVD", id: "CVE-2021-27254", }, { db: "CNNVD", id: "CNNVD-202102-1677", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287. Zero Day Initiative To this vulnerability ZDI-CAN-12287 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2021-27254", }, { db: "JVNDB", id: "JVNDB-2021-004434", }, { db: "ZDI", id: "ZDI-21-252", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-27254", trust: 3.1, }, { db: "ZDI", id: "ZDI-21-252", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2021-004434", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-12287", trust: 0.7, }, { db: "CNNVD", id: "CNNVD-202102-1677", trust: 0.6, }, ], sources: [ { db: "ZDI", id: "ZDI-21-252", }, { db: "JVNDB", id: "JVNDB-2021-004434", }, { db: "NVD", id: "CVE-2021-27254", }, { db: "CNNVD", id: "CNNVD-202102-1677", }, ], }, id: "VAR-202103-0945", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.28795077578947376, }, last_update_date: "2023-12-18T13:27:48.630000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Multiple Vulnerabilities on Some Routers, Satellites, and Extenders", trust: 1.5, url: "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders", }, { title: "NETGEAR Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=142759", }, ], sources: [ { db: "ZDI", id: "ZDI-21-252", }, { db: "JVNDB", id: "JVNDB-2021-004434", }, { db: "CNNVD", id: "CNNVD-202102-1677", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-798", trust: 1, }, { problemtype: "Use hard-coded passwords (CWE-259) [ Other ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-004434", }, { db: "NVD", id: "CVE-2021-27254", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3, url: "https://www.zerodayinitiative.com/advisories/zdi-21-252/", }, { trust: 2.3, url: "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-27254", }, ], sources: [ { db: "ZDI", id: "ZDI-21-252", }, { db: "JVNDB", id: "JVNDB-2021-004434", }, { db: "NVD", id: "CVE-2021-27254", }, { db: "CNNVD", id: "CNNVD-202102-1677", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-21-252", }, { db: "JVNDB", id: "JVNDB-2021-004434", }, { db: "NVD", id: "CVE-2021-27254", }, { db: "CNNVD", id: "CNNVD-202102-1677", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-25T00:00:00", db: "ZDI", id: "ZDI-21-252", }, { date: "2021-11-22T00:00:00", db: "JVNDB", id: "JVNDB-2021-004434", }, { date: "2021-03-05T20:15:12.317000", db: "NVD", id: "CVE-2021-27254", }, { date: "2021-02-25T00:00:00", db: "CNNVD", id: "CNNVD-202102-1677", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-25T00:00:00", db: "ZDI", id: "ZDI-21-252", }, { date: "2021-11-22T06:02:00", db: "JVNDB", id: "JVNDB-2021-004434", }, { date: "2022-04-25T17:48:00.193000", db: "NVD", id: "CVE-2021-27254", }, { date: "2022-04-26T00:00:00", db: "CNNVD", id: "CNNVD-202102-1677", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202102-1677", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "NETGEAR R7800 Vulnerability in using hard-coded passwords in", sources: [ { db: "JVNDB", id: "JVNDB-2021-004434", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "trust management problem", sources: [ { db: "CNNVD", id: "CNNVD-202102-1677", }, ], trust: 0.6, }, }
Vulnerability from fkie_nvd
Published
2021-03-05 20:15
Modified
2024-11-21 05:57
Severity ?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9680E98E-021B-4C71-AAA0-AEF49C6AD95F", versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*", matchCriteriaId: "CED01605-09B9-417E-AE6F-1F62888A0C93", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "89EDAF30-2238-495C-920F-F32CC17C046B", versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*", matchCriteriaId: "261C0D85-C951-4F0C-B9C4-0E42B15834EE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6CBD5FC4-2EF7-49A9-8F23-C9398441E7BD", versionEndExcluding: "1.0.1.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "53C5C134-0778-4098-B8B4-F9589516C297", versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*", matchCriteriaId: "4DCFF79A-8ACE-455B-90F3-FFC745E8BAD4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "597D1ED8-FE6A-4325-83AB-5CA544CFA1AF", versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*", matchCriteriaId: "5828F04B-E373-4E4F-942D-08CCA038418C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F0F8C423-2E5C-4A50-AF7B-AC67C3771DD3", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", matchCriteriaId: "B7694D0C-2CC6-4A6E-A251-5CBFC67D2AA9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9A60E332-CA18-4617-B7C1-4BE82470DE34", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "208CF907-B3ED-4A7D-BA5B-16A00F44683D", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*", matchCriteriaId: "5882095F-B22A-4937-BA08-6640140F10AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "74ED019D-C07A-44BE-BD3E-30885C748DDA", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", matchCriteriaId: "C63267D8-4632-4D14-B39C-BEEC62AD8F87", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34EB68F4-B710-47C9-A01B-A6361B185A19", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", matchCriteriaId: "0B2C00E1-4A23-4304-B92F-B7D9F4818D90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "374F6EAA-A607-4A8F-BA86-EA770BA99189", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E02DD6E2-3A3E-4857-9761-1B40FFA4E755", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*", matchCriteriaId: "0A88D2A3-3B22-4639-94E9-69CE80F37392", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E53DAB63-389B-4B73-8F75-231320DC71C8", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D4DF51-84EA-4296-9E06-CE5E1F4A53D1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D8DC1B77-994C-473C-AC97-7CC06341C607", versionEndExcluding: "1.0.0.216", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", matchCriteriaId: "0D140E3B-9AE5-473A-82DE-9B9DBAE4C34A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B4F00B47-FFC8-4D45-B49E-8347504A9A4C", versionEndExcluding: "1.0.1.232", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", matchCriteriaId: "8D9781C9-799A-4BDA-A027-987627A01633", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "37C80013-2E0F-459F-BE08-18D60B109AC0", versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A43D307-64B1-46BF-8237-75518D1703CC", versionEndExcluding: "1.0.2.80", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "01F57C27-EB5A-4F3E-ADF7-684DF8860DA2", versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8F67B805-17B5-4053-8399-0AFB2EF6E1D4", versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2135FFEC-0437-43C6-B146-3EF43E1B007B", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", matchCriteriaId: "D5465A78-4826-4F72-9CBE-528CBF286A79", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A413E57-A780-486E-AF85-EE460C99D696", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*", matchCriteriaId: "783EEEE0-BB9A-4C54-82B2-046B1033091C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0E9B0ED1-3D84-44A6-BA37-E5F8D0EBCB10", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*", matchCriteriaId: "4CD91050-5FE0-4810-8E6F-EF9B9B2F02E9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E19C965E-FA8D-4B42-BCB1-23788621DF45", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*", matchCriteriaId: "B801EC38-5B86-49F2-AB81-63F0F07A9BBE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DAA4BD93-AE89-4506-936F-26C605685193", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", matchCriteriaId: "E6C9F31C-3E12-4787-9C9B-14883D9D152A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33146BAB-5A18-4A1F-BDD8-3BB33200CDB2", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*", matchCriteriaId: "17D7D346-6F52-4473-A4EA-6059C177BF0F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "85AD5F45-F940-4FB5-B4D4-E44D816A3449", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", matchCriteriaId: "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "564B0FDF-7159-42EA-9CAA-BEF791274915", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*", matchCriteriaId: "EC2B9C48-9FE6-462B-88EE-046F15E66430", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "998C6A17-5ADC-47F1-AF63-9B425143C086", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*", matchCriteriaId: "A5604E66-E9CC-4B78-AF6A-2341B30E3594", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "252643DB-46F7-41E9-96E0-0669DD486E5F", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*", matchCriteriaId: "1924FC8B-4031-4EA3-B214-AF6F77D94654", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1FBFA62B-2EBC-426A-98DC-235879902E72", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66034CFD-1303-4B90-AF70-18B7EDBEFE32", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*", matchCriteriaId: "CF03B2BB-34BB-4A0D-81CD-1841E524F885", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "237758B3-C096-465F-95C4-EB3F9835D91F", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", matchCriteriaId: "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "217B0E6E-BCC9-4D12-ADD4-E2C65323018B", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C8E13FC6-D0BF-4674-8A3B-FF5D81B15059", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "A9E20E59-2B1E-4E43-A494-2C20FD716D4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "82504AE8-4D6F-4A49-A611-FBFB303CD237", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "41B066B3-37CD-4839-909B-A8EC636E5F11", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", matchCriteriaId: "32BAB5C0-F645-4A90-833F-6345335FA1AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9CED8944-D61A-4FDA-A9DB-76CBED16F338", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BDAE8049-9102-4B4A-A2CF-B6A2F638B4E3", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0484BCA5-6DD3-43B9-BB83-24B6BF99C4AA", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "56489CFF-D34F-4C66-B69B-FB2CE4333D75", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", matchCriteriaId: "27F93A76-6EFF-4DA6-9129-4792E2C125D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FF01111F-8A37-4366-A63E-210E6CE0DB0E", versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", matchCriteriaId: "66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4476F0C6-0A7D-4735-940C-F5C75316EEE9", versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1D92A0CE-769D-402F-8FD7-BDD8DF247CFD", versionEndExcluding: "1.0.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", matchCriteriaId: "E12892C8-5E01-49A6-BF47-09D630377093", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360.", }, { lang: "es", value: "Esta vulnerabilidad permite a atacantes remotos ejecutar código arbitrario en instalaciones afectadas de NETGEAR R7800 versión de firmware 1.0.2.76. No es requerida una autenticación para explotar esta vulnerabilidad. El fallo específico se presenta dentro del endpoint refresh_status.aspx. El problema resulta de la falta de autenticación necesaria para iniciar un servicio en el servidor. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto de root. Era ZDI-CAN-12360", }, ], id: "CVE-2021-27255", lastModified: "2024-11-21T05:57:41.983", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 8.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-05T20:15:12.457", references: [ { source: "zdi-disclosures@trendmicro.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-263/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-263/", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "zdi-disclosures@trendmicro.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-14 16:15
Modified
2024-11-21 05:57
Severity ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9680E98E-021B-4C71-AAA0-AEF49C6AD95F", versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*", matchCriteriaId: "CED01605-09B9-417E-AE6F-1F62888A0C93", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "89EDAF30-2238-495C-920F-F32CC17C046B", versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*", matchCriteriaId: "261C0D85-C951-4F0C-B9C4-0E42B15834EE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6CBD5FC4-2EF7-49A9-8F23-C9398441E7BD", versionEndExcluding: "1.0.1.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "53C5C134-0778-4098-B8B4-F9589516C297", versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*", matchCriteriaId: "88DD070C-7CBD-48A5-8D77-7C3D1C502D65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0EF79426-64C8-4FAB-A199-AB7CB82FCD53", versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", matchCriteriaId: "49846803-C6FB-4DD3-ADA7-78B9923536F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F0F8C423-2E5C-4A50-AF7B-AC67C3771DD3", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", matchCriteriaId: "B7694D0C-2CC6-4A6E-A251-5CBFC67D2AA9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9A60E332-CA18-4617-B7C1-4BE82470DE34", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "208CF907-B3ED-4A7D-BA5B-16A00F44683D", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:v2:*:*:*:*:*:*:*", matchCriteriaId: "946947C2-E4B2-4984-9233-4D4890E1BE07", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "74ED019D-C07A-44BE-BD3E-30885C748DDA", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", matchCriteriaId: "C63267D8-4632-4D14-B39C-BEEC62AD8F87", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34EB68F4-B710-47C9-A01B-A6361B185A19", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", matchCriteriaId: "0B2C00E1-4A23-4304-B92F-B7D9F4818D90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "374F6EAA-A607-4A8F-BA86-EA770BA99189", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E02DD6E2-3A3E-4857-9761-1B40FFA4E755", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:v2:*:*:*:*:*:*:*", matchCriteriaId: "A44B9FAB-7EC4-4B2B-B3E5-A372645AE661", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E53DAB63-389B-4B73-8F75-231320DC71C8", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D4DF51-84EA-4296-9E06-CE5E1F4A53D1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D8DC1B77-994C-473C-AC97-7CC06341C607", versionEndExcluding: "1.0.0.216", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", matchCriteriaId: "0D140E3B-9AE5-473A-82DE-9B9DBAE4C34A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B4F00B47-FFC8-4D45-B49E-8347504A9A4C", versionEndExcluding: "1.0.1.232", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", matchCriteriaId: "8D9781C9-799A-4BDA-A027-987627A01633", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "37C80013-2E0F-459F-BE08-18D60B109AC0", versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A43D307-64B1-46BF-8237-75518D1703CC", versionEndExcluding: "1.0.2.80", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "01F57C27-EB5A-4F3E-ADF7-684DF8860DA2", versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8F67B805-17B5-4053-8399-0AFB2EF6E1D4", versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2135FFEC-0437-43C6-B146-3EF43E1B007B", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", matchCriteriaId: "D5465A78-4826-4F72-9CBE-528CBF286A79", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A413E57-A780-486E-AF85-EE460C99D696", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*", matchCriteriaId: "783EEEE0-BB9A-4C54-82B2-046B1033091C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0E9B0ED1-3D84-44A6-BA37-E5F8D0EBCB10", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*", matchCriteriaId: "4CD91050-5FE0-4810-8E6F-EF9B9B2F02E9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E19C965E-FA8D-4B42-BCB1-23788621DF45", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*", matchCriteriaId: "B801EC38-5B86-49F2-AB81-63F0F07A9BBE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DAA4BD93-AE89-4506-936F-26C605685193", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", matchCriteriaId: "E6C9F31C-3E12-4787-9C9B-14883D9D152A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33146BAB-5A18-4A1F-BDD8-3BB33200CDB2", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*", matchCriteriaId: "17D7D346-6F52-4473-A4EA-6059C177BF0F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "85AD5F45-F940-4FB5-B4D4-E44D816A3449", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", matchCriteriaId: "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "564B0FDF-7159-42EA-9CAA-BEF791274915", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*", matchCriteriaId: "EC2B9C48-9FE6-462B-88EE-046F15E66430", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "998C6A17-5ADC-47F1-AF63-9B425143C086", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*", matchCriteriaId: "A5604E66-E9CC-4B78-AF6A-2341B30E3594", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "252643DB-46F7-41E9-96E0-0669DD486E5F", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*", matchCriteriaId: "1924FC8B-4031-4EA3-B214-AF6F77D94654", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1FBFA62B-2EBC-426A-98DC-235879902E72", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66034CFD-1303-4B90-AF70-18B7EDBEFE32", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*", matchCriteriaId: "CF03B2BB-34BB-4A0D-81CD-1841E524F885", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "237758B3-C096-465F-95C4-EB3F9835D91F", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", matchCriteriaId: "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "217B0E6E-BCC9-4D12-ADD4-E2C65323018B", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C8E13FC6-D0BF-4674-8A3B-FF5D81B15059", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "A9E20E59-2B1E-4E43-A494-2C20FD716D4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "82504AE8-4D6F-4A49-A611-FBFB303CD237", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "41B066B3-37CD-4839-909B-A8EC636E5F11", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", matchCriteriaId: "32BAB5C0-F645-4A90-833F-6345335FA1AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9CED8944-D61A-4FDA-A9DB-76CBED16F338", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BDAE8049-9102-4B4A-A2CF-B6A2F638B4E3", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0484BCA5-6DD3-43B9-BB83-24B6BF99C4AA", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "56489CFF-D34F-4C66-B69B-FB2CE4333D75", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", matchCriteriaId: "27F93A76-6EFF-4DA6-9129-4792E2C125D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FF01111F-8A37-4366-A63E-210E6CE0DB0E", versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", matchCriteriaId: "66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4476F0C6-0A7D-4735-940C-F5C75316EEE9", versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1D92A0CE-769D-402F-8FD7-BDD8DF247CFD", versionEndExcluding: "1.0.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", matchCriteriaId: "E12892C8-5E01-49A6-BF47-09D630377093", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308.", }, { lang: "es", value: "Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar código arbitrario en las instalaciones afectadas de NETGEAR Nighthawk R7800. No es requerida una autenticación para explotar esta vulnerabilidad. Un fallo específico se presenta dentro del manejo de las actualizaciones del firmware. El problema es el resultado de un retroceso a un protocolo no seguro para entregar actualizaciones. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto de root. Era ZDI-CAN-12308", }, ], id: "CVE-2021-27251", lastModified: "2024-11-21T05:57:41.280", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 8.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-14T16:15:13.657", references: [ { source: "zdi-disclosures@trendmicro.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-247/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-247/", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-319", }, ], source: "zdi-disclosures@trendmicro.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RAX120 before 1.2.0.16, RBS50Y before 1.0.0.56, WNR2000v5 before 1.0.0.76, XR450 before 2.3.2.114, XR500 before 2.3.2.114, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, EX6410 before 1.0.0.134, RBR10 before 2.6.1.44, RBR20 before 2.6.2.104, RBR40 before 2.6.2.104, RBR50 before 2.7.2.102, EX6420 before 1.0.0.134, RBS10 before 2.6.1.44, RBS20 before 2.6.2.104, RBS40 before 2.6.2.104, RBS50 before 2.7.2.102, EX6400v2 before 1.0.0.134, RBK12 before 2.6.1.44, RBK20 before 2.6.2.104, RBK40 before 2.6.2.104, and RBK50 before 2.7.2.102.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8D7A2E97-4CB0-4861-AD15-1CAFA56856CC", versionEndExcluding: "1.0.1.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6200v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "033E6FD3-A903-438D-88B2-F6AF7B2ECBCE", versionEndExcluding: "1.0.1.86", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6200v2:-:*:*:*:*:*:*:*", matchCriteriaId: "2141AE0A-18CB-4142-A850-B2153DAEE5A8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F0F8C423-2E5C-4A50-AF7B-AC67C3771DD3", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", matchCriteriaId: "B7694D0C-2CC6-4A6E-A251-5CBFC67D2AA9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D8DC1B77-994C-473C-AC97-7CC06341C607", versionEndExcluding: "1.0.0.216", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", matchCriteriaId: "0D140E3B-9AE5-473A-82DE-9B9DBAE4C34A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B4F00B47-FFC8-4D45-B49E-8347504A9A4C", versionEndExcluding: "1.0.1.232", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", matchCriteriaId: "8D9781C9-799A-4BDA-A027-987627A01633", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "37C80013-2E0F-459F-BE08-18D60B109AC0", versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A43D307-64B1-46BF-8237-75518D1703CC", versionEndExcluding: "1.0.2.80", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "617156D5-63CB-4533-A816-C7FCA2F1C0EF", versionEndExcluding: "1.0.5.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "18313A0F-E562-423F-AA3E-14825DD8A22C", versionEndExcluding: "1.0.5.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1F3FBDF5-28D8-47BE-B518-E4C68ABC34C4", versionEndExcluding: "1.2.0.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:*", matchCriteriaId: "1742BD56-84E4-40E1-8C04-098B3715161E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3D4623F3-CF06-4935-9728-6E1C169A232A", versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", matchCriteriaId: "27F93A76-6EFF-4DA6-9129-4792E2C125D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000v5_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6E5CCE1F-CC08-4C10-90C6-55ED8D3F3CE4", versionEndExcluding: "1.0.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000v5:-:*:*:*:*:*:*:*", matchCriteriaId: "671EC923-DC84-47D6-B943-0F7DA8168334", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FF01111F-8A37-4366-A63E-210E6CE0DB0E", versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", matchCriteriaId: "66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4476F0C6-0A7D-4735-940C-F5C75316EEE9", versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "80D6658B-FF1E-49C3-988E-1DFEA0E980C3", versionEndExcluding: "1.0.1.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", matchCriteriaId: "E12892C8-5E01-49A6-BF47-09D630377093", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "597D1ED8-FE6A-4325-83AB-5CA544CFA1AF", versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*", matchCriteriaId: "5828F04B-E373-4E4F-942D-08CCA038418C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "374F6EAA-A607-4A8F-BA86-EA770BA99189", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E53DAB63-389B-4B73-8F75-231320DC71C8", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D4DF51-84EA-4296-9E06-CE5E1F4A53D1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "53C5C134-0778-4098-B8B4-F9589516C297", versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*", matchCriteriaId: "4DCFF79A-8ACE-455B-90F3-FFC745E8BAD4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9A60E332-CA18-4617-B7C1-4BE82470DE34", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E02DD6E2-3A3E-4857-9761-1B40FFA4E755", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*", matchCriteriaId: "0A88D2A3-3B22-4639-94E9-69CE80F37392", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "74ED019D-C07A-44BE-BD3E-30885C748DDA", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", matchCriteriaId: "C63267D8-4632-4D14-B39C-BEEC62AD8F87", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8246B8D3-8455-43B1-B0FA-F677B8FF84F5", versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", matchCriteriaId: "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "217B0E6E-BCC9-4D12-ADD4-E2C65323018B", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C8E13FC6-D0BF-4674-8A3B-FF5D81B15059", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "A9E20E59-2B1E-4E43-A494-2C20FD716D4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BDB4D475-D18E-4555-A4B5-2664DC4122CB", versionEndExcluding: "2.7.2.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34EB68F4-B710-47C9-A01B-A6361B185A19", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", matchCriteriaId: "0B2C00E1-4A23-4304-B92F-B7D9F4818D90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "28DA498C-B466-422E-BAD2-A1F9A15B157F", versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", matchCriteriaId: "32BAB5C0-F645-4A90-833F-6345335FA1AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9CED8944-D61A-4FDA-A9DB-76CBED16F338", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BDAE8049-9102-4B4A-A2CF-B6A2F638B4E3", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "848D6575-2042-4152-8B3D-4A4E091124F7", versionEndExcluding: "2.7.2.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "208CF907-B3ED-4A7D-BA5B-16A00F44683D", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*", matchCriteriaId: "5882095F-B22A-4937-BA08-6640140F10AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9EC30751-F447-45A7-8C57-B73042869EA5", versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", matchCriteriaId: "D5465A78-4826-4F72-9CBE-528CBF286A79", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DAA4BD93-AE89-4506-936F-26C605685193", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", matchCriteriaId: "E6C9F31C-3E12-4787-9C9B-14883D9D152A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "85AD5F45-F940-4FB5-B4D4-E44D816A3449", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", matchCriteriaId: "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "771892CD-B68B-4EC7-986D-778A8DE83078", versionEndExcluding: "2.7.2.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RAX120 before 1.2.0.16, RBS50Y before 1.0.0.56, WNR2000v5 before 1.0.0.76, XR450 before 2.3.2.114, XR500 before 2.3.2.114, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, EX6410 before 1.0.0.134, RBR10 before 2.6.1.44, RBR20 before 2.6.2.104, RBR40 before 2.6.2.104, RBR50 before 2.7.2.102, EX6420 before 1.0.0.134, RBS10 before 2.6.1.44, RBS20 before 2.6.2.104, RBS40 before 2.6.2.104, RBS50 before 2.7.2.102, EX6400v2 before 1.0.0.134, RBK12 before 2.6.1.44, RBK20 before 2.6.2.104, RBK40 before 2.6.2.104, and RBK50 before 2.7.2.102.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un atacante no autenticado. Esto afecta a D7800 versiones anteriores a 1.0.1.64, a EX6200v2 versiones anteriores a 1.0.1.86, a EX6250 versiones anteriores a 1.0.0.134, a EX7700 versiones anteriores a 1.0.0.216, a EX8000 versiones anteriores a 1.0.1.232, a LBR20 versiones anteriores a 2.6.3.50, a R7800 versiones anteriores a 1.0.2.80, a R8900 versiones anteriores a 1.0.5.26, a R9000 versiones anteriores a 1.0. 5.26, RAX120 versiones anteriores a 1.2.0.16, RBS50Y versiones anteriores a 1.0.0.56, WNR2000v5 versiones anteriores a 1.0.0.76, XR450 versiones anteriores a 2.3.2.114, XR500 versiones anteriores a 2.3.2.114, XR700 versiones anteriores a 1.0.1.36, EX6150v2 versiones anteriores a 1.0.1.98, EX7300 versiones anteriores a 1.0.2.158, EX7320 versiones anteriores a 1.0.0. 134, EX6100v2 versiones anteriores a 1.0.1.98, EX6400 versiones anteriores a 1.0.2.158, EX7300v2 versiones anteriores a 1.0.0.134, EX6410 versiones anteriores a 1.0.0.134, RBR10 versiones anteriores a 2.6.1.44, RBR20 versiones anteriores a 2.6.2.104, RBR40 versiones anteriores a 2.6.2.104, RBR50 versiones anteriores a 2.7.2.102, EX6420 versiones anteriores a 1.0.0. 134, RBS10 versiones anteriores a 2.6.1.44, RBS20 versiones anteriores a 2.6.2.104, RBS40 versiones anteriores a 2.6.2.104, RBS50 versiones anteriores a 2.7.2.102, EX6400v2 versiones anteriores a 1.0.0.134, RBK12 versiones anteriores a 2.6.1.44, RBK20 versiones anteriores a 2.6.2.104, RBK40 versiones anteriores a 2.6.2.104 y RBK50 versiones anteriores a 2.7.2.102", }, ], id: "CVE-2021-45618", lastModified: "2024-11-21T06:32:41.333", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 6, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-26T01:15:18.613", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064490/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0422", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064490/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0422", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
7.6 (High) - CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | lbr20_firmware | * | |
| netgear | lbr20 | - | |
| netgear | rbs50y_firmware | * | |
| netgear | rbs50y | - | |
| netgear | rbr10_firmware | * | |
| netgear | rbr10 | - | |
| netgear | rbr20_firmware | * | |
| netgear | rbr20 | - | |
| netgear | rbr40_firmware | * | |
| netgear | rbr40 | - | |
| netgear | rbr50_firmware | * | |
| netgear | rbr50 | - | |
| netgear | rbs10_firmware | * | |
| netgear | rbs10 | - | |
| netgear | rbs20_firmware | * | |
| netgear | rbs20 | - | |
| netgear | rbs40_firmware | * | |
| netgear | rbs40 | - | |
| netgear | rbs50_firmware | * | |
| netgear | rbs50 | - | |
| netgear | rbk12_firmware | * | |
| netgear | rbk12 | - | |
| netgear | rbk20_firmware | * | |
| netgear | rbk20 | - | |
| netgear | rbk40_firmware | * | |
| netgear | rbk40 | - | |
| netgear | rbk50_firmware | * | |
| netgear | rbk50 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "37C80013-2E0F-459F-BE08-18D60B109AC0", versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "818BD0BA-DF73-481B-91BF-4E2F6DA7B4A7", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", matchCriteriaId: "27F93A76-6EFF-4DA6-9129-4792E2C125D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CCAC5A0E-0648-4504-A040-BA9859474FFA", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", matchCriteriaId: "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4E0AC598-D991-49E0-86ED-4ABF0E42E504", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1FD3226E-1B9D-420E-AD7B-7D1DDC867D3F", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "A9E20E59-2B1E-4E43-A494-2C20FD716D4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C1AC74B5-C42B-40BC-8AF9-3E9E0C68084E", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A00846AE-C198-4608-934F-41B6FE7A6038", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", matchCriteriaId: "32BAB5C0-F645-4A90-833F-6345335FA1AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3C936668-6B8C-4497-A5A3-7C4B6CADB09B", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "40435599-FC79-4563-BF8B-BB1F84BDA82D", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6C4886CD-5890-4314-AC30-85DBDB69B594", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EDB5A906-6623-4DE0-8A14-B0917F7242E2", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", matchCriteriaId: "D5465A78-4826-4F72-9CBE-528CBF286A79", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A4021DFA-AEBD-4C6C-9793-48171990F8B3", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", matchCriteriaId: "E6C9F31C-3E12-4787-9C9B-14883D9D152A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CA096BE4-3AE5-4AEA-B4C4-359D3A0C7F1E", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", matchCriteriaId: "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "455B1063-8507-4713-82B3-DB1BC4B22A21", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a LBR20 versiones anteriores a 2.6.3.50, RBS50Y versiones anteriores a 2.7.3.22, RBR10 versiones anteriores a 2.7.3.22, RBR20 versiones anteriores a 2.7.3.22, RBR40 versiones anteriores a 2.7.3.22, RBR50 versiones anteriores a 2.7.3.22, RBS10 versiones anteriores a 2.7. 3.22, RBS20 versiones anteriores a 2.7.3.22, RBS40 versiones anteriores a 2.7.3.22, RBS50 versiones anteriores a 2.7.3.22, RBK12 versiones anteriores a 2.7.3.22, RBK20 versiones anteriores a 2.7.3.22, RBK40 versiones anteriores a 2.7.3.22 y RBK50 versiones anteriores a 2.7.3.22", }, ], id: "CVE-2021-45595", lastModified: "2024-11-21T06:32:37.180", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 6, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-26T01:15:17.487", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064495/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0462", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064495/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0462", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-14 16:15
Modified
2024-11-21 05:57
Severity ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9680E98E-021B-4C71-AAA0-AEF49C6AD95F", versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*", matchCriteriaId: "CED01605-09B9-417E-AE6F-1F62888A0C93", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "89EDAF30-2238-495C-920F-F32CC17C046B", versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*", matchCriteriaId: "261C0D85-C951-4F0C-B9C4-0E42B15834EE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6CBD5FC4-2EF7-49A9-8F23-C9398441E7BD", versionEndExcluding: "1.0.1.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "53C5C134-0778-4098-B8B4-F9589516C297", versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*", matchCriteriaId: "88DD070C-7CBD-48A5-8D77-7C3D1C502D65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0EF79426-64C8-4FAB-A199-AB7CB82FCD53", versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", matchCriteriaId: "49846803-C6FB-4DD3-ADA7-78B9923536F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F0F8C423-2E5C-4A50-AF7B-AC67C3771DD3", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", matchCriteriaId: "B7694D0C-2CC6-4A6E-A251-5CBFC67D2AA9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9A60E332-CA18-4617-B7C1-4BE82470DE34", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "208CF907-B3ED-4A7D-BA5B-16A00F44683D", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:v2:*:*:*:*:*:*:*", matchCriteriaId: "946947C2-E4B2-4984-9233-4D4890E1BE07", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "74ED019D-C07A-44BE-BD3E-30885C748DDA", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", matchCriteriaId: "C63267D8-4632-4D14-B39C-BEEC62AD8F87", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34EB68F4-B710-47C9-A01B-A6361B185A19", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", matchCriteriaId: "0B2C00E1-4A23-4304-B92F-B7D9F4818D90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "374F6EAA-A607-4A8F-BA86-EA770BA99189", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E02DD6E2-3A3E-4857-9761-1B40FFA4E755", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:v2:*:*:*:*:*:*:*", matchCriteriaId: "A44B9FAB-7EC4-4B2B-B3E5-A372645AE661", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E53DAB63-389B-4B73-8F75-231320DC71C8", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D4DF51-84EA-4296-9E06-CE5E1F4A53D1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D8DC1B77-994C-473C-AC97-7CC06341C607", versionEndExcluding: "1.0.0.216", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", matchCriteriaId: "0D140E3B-9AE5-473A-82DE-9B9DBAE4C34A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B4F00B47-FFC8-4D45-B49E-8347504A9A4C", versionEndExcluding: "1.0.1.232", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", matchCriteriaId: "8D9781C9-799A-4BDA-A027-987627A01633", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "37C80013-2E0F-459F-BE08-18D60B109AC0", versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A43D307-64B1-46BF-8237-75518D1703CC", versionEndExcluding: "1.0.2.80", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "01F57C27-EB5A-4F3E-ADF7-684DF8860DA2", versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8F67B805-17B5-4053-8399-0AFB2EF6E1D4", versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2135FFEC-0437-43C6-B146-3EF43E1B007B", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", matchCriteriaId: "D5465A78-4826-4F72-9CBE-528CBF286A79", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A413E57-A780-486E-AF85-EE460C99D696", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*", matchCriteriaId: "783EEEE0-BB9A-4C54-82B2-046B1033091C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0E9B0ED1-3D84-44A6-BA37-E5F8D0EBCB10", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*", matchCriteriaId: "4CD91050-5FE0-4810-8E6F-EF9B9B2F02E9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E19C965E-FA8D-4B42-BCB1-23788621DF45", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*", matchCriteriaId: "B801EC38-5B86-49F2-AB81-63F0F07A9BBE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DAA4BD93-AE89-4506-936F-26C605685193", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", matchCriteriaId: "E6C9F31C-3E12-4787-9C9B-14883D9D152A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33146BAB-5A18-4A1F-BDD8-3BB33200CDB2", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*", matchCriteriaId: "17D7D346-6F52-4473-A4EA-6059C177BF0F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "85AD5F45-F940-4FB5-B4D4-E44D816A3449", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", matchCriteriaId: "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "564B0FDF-7159-42EA-9CAA-BEF791274915", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*", matchCriteriaId: "EC2B9C48-9FE6-462B-88EE-046F15E66430", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "998C6A17-5ADC-47F1-AF63-9B425143C086", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*", matchCriteriaId: "A5604E66-E9CC-4B78-AF6A-2341B30E3594", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "252643DB-46F7-41E9-96E0-0669DD486E5F", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*", matchCriteriaId: "1924FC8B-4031-4EA3-B214-AF6F77D94654", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1FBFA62B-2EBC-426A-98DC-235879902E72", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66034CFD-1303-4B90-AF70-18B7EDBEFE32", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*", matchCriteriaId: "CF03B2BB-34BB-4A0D-81CD-1841E524F885", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "237758B3-C096-465F-95C4-EB3F9835D91F", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", matchCriteriaId: "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "217B0E6E-BCC9-4D12-ADD4-E2C65323018B", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C8E13FC6-D0BF-4674-8A3B-FF5D81B15059", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "A9E20E59-2B1E-4E43-A494-2C20FD716D4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "82504AE8-4D6F-4A49-A611-FBFB303CD237", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "41B066B3-37CD-4839-909B-A8EC636E5F11", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", matchCriteriaId: "32BAB5C0-F645-4A90-833F-6345335FA1AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9CED8944-D61A-4FDA-A9DB-76CBED16F338", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BDAE8049-9102-4B4A-A2CF-B6A2F638B4E3", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0484BCA5-6DD3-43B9-BB83-24B6BF99C4AA", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "56489CFF-D34F-4C66-B69B-FB2CE4333D75", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", matchCriteriaId: "27F93A76-6EFF-4DA6-9129-4792E2C125D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FF01111F-8A37-4366-A63E-210E6CE0DB0E", versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", matchCriteriaId: "66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4476F0C6-0A7D-4735-940C-F5C75316EEE9", versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1D92A0CE-769D-402F-8FD7-BDD8DF247CFD", versionEndExcluding: "1.0.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", matchCriteriaId: "E12892C8-5E01-49A6-BF47-09D630377093", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303.", }, { lang: "es", value: "Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar código arbitrario en las instalaciones afectadas de NETGEAR Nighthawk R7800. Aunque es requerido autenticación para explotar esta vulnerabilidad, el mecanismo de autenticación existente puede ser omitido. El fallo específico se presenta dentro del manejo del parámetro rc_service proporcionado para el archivo apply_bind.cgi. El problema resulta de una falta de comprobación apropiada de una cadena suministrada por el usuario antes de usarla para ejecutar una llamada al sistema. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto de root. Era ZDI-CAN-12303", }, ], id: "CVE-2021-27253", lastModified: "2024-11-21T05:57:41.613", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 8.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-14T16:15:13.797", references: [ { source: "zdi-disclosures@trendmicro.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-249/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-249/", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
7.5 (High) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.64, EX6250 before 1.0.0.134, EX7700 before 1.0.0.222, LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, R8900 before 1.0.5.26, R9000 before 1.0.5.26, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.36, EX7320 before 1.0.0.134, RAX120 before 1.2.2.24, EX7300v2 before 1.0.0.134, RAX120v2 before 1.2.2.24, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8D7A2E97-4CB0-4861-AD15-1CAFA56856CC", versionEndExcluding: "1.0.1.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F0F8C423-2E5C-4A50-AF7B-AC67C3771DD3", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", matchCriteriaId: "B7694D0C-2CC6-4A6E-A251-5CBFC67D2AA9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "037B3306-22A2-4072-80AC-7CB3FC39BC6F", versionEndExcluding: "1.0.0.222", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", matchCriteriaId: "0D140E3B-9AE5-473A-82DE-9B9DBAE4C34A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "37C80013-2E0F-459F-BE08-18D60B109AC0", versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "818BD0BA-DF73-481B-91BF-4E2F6DA7B4A7", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", matchCriteriaId: "27F93A76-6EFF-4DA6-9129-4792E2C125D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6C4886CD-5890-4314-AC30-85DBDB69B594", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50y_firmware:2.7.3.22:*:*:*:*:*:*:*", matchCriteriaId: "CC5B28CD-589C-4525-9A7B-132A6A20F855", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3C936668-6B8C-4497-A5A3-7C4B6CADB09B", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A00846AE-C198-4608-934F-41B6FE7A6038", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", matchCriteriaId: "32BAB5C0-F645-4A90-833F-6345335FA1AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "40435599-FC79-4563-BF8B-BB1F84BDA82D", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "617156D5-63CB-4533-A816-C7FCA2F1C0EF", versionEndExcluding: "1.0.5.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "18313A0F-E562-423F-AA3E-14825DD8A22C", versionEndExcluding: "1.0.5.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "051E8D2A-0EB0-43A7-9AAA-8519B8CC7FE0", versionEndExcluding: "2.3.2.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", matchCriteriaId: "66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0BCFB551-95C6-4EEF-83F0-4246F67E6668", versionEndExcluding: "2.3.2.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "80D6658B-FF1E-49C3-988E-1DFEA0E980C3", versionEndExcluding: "1.0.1.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", matchCriteriaId: "E12892C8-5E01-49A6-BF47-09D630377093", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E53DAB63-389B-4B73-8F75-231320DC71C8", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D4DF51-84EA-4296-9E06-CE5E1F4A53D1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90253B16-5B71-4E61-9E00-125D63CB24D3", versionEndExcluding: "1.2.2.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:*", matchCriteriaId: "1742BD56-84E4-40E1-8C04-098B3715161E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E02DD6E2-3A3E-4857-9761-1B40FFA4E755", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*", matchCriteriaId: "0A88D2A3-3B22-4639-94E9-69CE80F37392", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax120v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1E61C06A-A03A-47DC-BA2F-880266DCA293", versionEndExcluding: "1.2.2.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax120v2:-:*:*:*:*:*:*:*", matchCriteriaId: "50D741E6-43F9-4BDC-B1A4-281AC73A7C19", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "74ED019D-C07A-44BE-BD3E-30885C748DDA", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", matchCriteriaId: "C63267D8-4632-4D14-B39C-BEEC62AD8F87", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34EB68F4-B710-47C9-A01B-A6361B185A19", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", matchCriteriaId: "0B2C00E1-4A23-4304-B92F-B7D9F4818D90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "208CF907-B3ED-4A7D-BA5B-16A00F44683D", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*", matchCriteriaId: "5882095F-B22A-4937-BA08-6640140F10AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CCAC5A0E-0648-4504-A040-BA9859474FFA", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", matchCriteriaId: "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4E0AC598-D991-49E0-86ED-4ABF0E42E504", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1FD3226E-1B9D-420E-AD7B-7D1DDC867D3F", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "A9E20E59-2B1E-4E43-A494-2C20FD716D4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C1AC74B5-C42B-40BC-8AF9-3E9E0C68084E", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EDB5A906-6623-4DE0-8A14-B0917F7242E2", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", matchCriteriaId: "D5465A78-4826-4F72-9CBE-528CBF286A79", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A4021DFA-AEBD-4C6C-9793-48171990F8B3", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", matchCriteriaId: "E6C9F31C-3E12-4787-9C9B-14883D9D152A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CA096BE4-3AE5-4AEA-B4C4-359D3A0C7F1E", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", matchCriteriaId: "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "455B1063-8507-4713-82B3-DB1BC4B22A21", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.64, EX6250 before 1.0.0.134, EX7700 before 1.0.0.222, LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, R8900 before 1.0.5.26, R9000 before 1.0.5.26, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.36, EX7320 before 1.0.0.134, RAX120 before 1.2.2.24, EX7300v2 before 1.0.0.134, RAX120v2 before 1.2.2.24, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una configuración incorrecta de los ajustes de seguridad. Esto afecta a D7800 versiones anteriores a 1.0.1.64, EX6250 versiones anteriores a 1.0.0.134, EX7700 versiones anteriores a 1.0.0.222, LBR20 versiones anteriores a 2.6.3.50, RBS50Y versiones anteriores a 2.7.3.22, R8900 versiones anteriores a 1.0.5.26, R9000 versiones anteriores a 1.0. 5.26, XR450 versiones anteriores a 2.3.2.66, XR500 versiones anteriores a 2.3.2.66, XR700 versiones anteriores a 1.0.1.36, EX7320 versiones anteriores a 1.0.0.134, RAX120 versiones anteriores a 1.2.2.24, EX7300v2 versiones anteriores a 1.0.0.134, RAX120v2 versiones anteriores a 1.2.2. 24, EX6410 versiones anteriores a 1.0.0.134, RBR10 versiones anteriores a 2.7.3.22, RBR20 versiones anteriores a 2.7.3.22, RBR40 versiones anteriores a 2.7.3.22, RBR50 versiones anteriores a 2.7.3.22, EX6420 versiones anteriores a 1.0.0.134, RBS10 versiones anteriores a 2.7.3.22, RBS20 versiones anteriores a 2. 7.3.22, RBS40 versiones anteriores a 2.7.3.22, RBS50 versiones anteriores a 2.7.3.22, EX6400v2 versiones anteriores a 1.0.0.134, RBK12 versiones anteriores a 2.7.3.22, RBK20 versiones anteriores a 2.7.3.22, RBK40 versiones anteriores a 2.7.3.22 y RBK50 versiones anteriores a 2.7.3.22", }, ], id: "CVE-2021-45642", lastModified: "2024-11-21T06:32:45.523", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 5.3, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-26T01:15:19.737", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000064491/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0427", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000064491/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0427", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-05 20:15
Modified
2024-11-21 05:57
Severity ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9680E98E-021B-4C71-AAA0-AEF49C6AD95F", versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*", matchCriteriaId: "CED01605-09B9-417E-AE6F-1F62888A0C93", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "89EDAF30-2238-495C-920F-F32CC17C046B", versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*", matchCriteriaId: "261C0D85-C951-4F0C-B9C4-0E42B15834EE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6CBD5FC4-2EF7-49A9-8F23-C9398441E7BD", versionEndExcluding: "1.0.1.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "53C5C134-0778-4098-B8B4-F9589516C297", versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*", matchCriteriaId: "4DCFF79A-8ACE-455B-90F3-FFC745E8BAD4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "597D1ED8-FE6A-4325-83AB-5CA544CFA1AF", versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*", matchCriteriaId: "5828F04B-E373-4E4F-942D-08CCA038418C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F0F8C423-2E5C-4A50-AF7B-AC67C3771DD3", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", matchCriteriaId: "B7694D0C-2CC6-4A6E-A251-5CBFC67D2AA9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9A60E332-CA18-4617-B7C1-4BE82470DE34", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "208CF907-B3ED-4A7D-BA5B-16A00F44683D", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*", matchCriteriaId: "5882095F-B22A-4937-BA08-6640140F10AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "74ED019D-C07A-44BE-BD3E-30885C748DDA", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", matchCriteriaId: "C63267D8-4632-4D14-B39C-BEEC62AD8F87", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34EB68F4-B710-47C9-A01B-A6361B185A19", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", matchCriteriaId: "0B2C00E1-4A23-4304-B92F-B7D9F4818D90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "374F6EAA-A607-4A8F-BA86-EA770BA99189", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E02DD6E2-3A3E-4857-9761-1B40FFA4E755", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*", matchCriteriaId: "0A88D2A3-3B22-4639-94E9-69CE80F37392", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E53DAB63-389B-4B73-8F75-231320DC71C8", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D4DF51-84EA-4296-9E06-CE5E1F4A53D1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D8DC1B77-994C-473C-AC97-7CC06341C607", versionEndExcluding: "1.0.0.216", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", matchCriteriaId: "0D140E3B-9AE5-473A-82DE-9B9DBAE4C34A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B4F00B47-FFC8-4D45-B49E-8347504A9A4C", versionEndExcluding: "1.0.1.232", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", matchCriteriaId: "8D9781C9-799A-4BDA-A027-987627A01633", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "37C80013-2E0F-459F-BE08-18D60B109AC0", versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A43D307-64B1-46BF-8237-75518D1703CC", versionEndExcluding: "1.0.2.80", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "01F57C27-EB5A-4F3E-ADF7-684DF8860DA2", versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8F67B805-17B5-4053-8399-0AFB2EF6E1D4", versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2135FFEC-0437-43C6-B146-3EF43E1B007B", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", matchCriteriaId: "D5465A78-4826-4F72-9CBE-528CBF286A79", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A413E57-A780-486E-AF85-EE460C99D696", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*", matchCriteriaId: "783EEEE0-BB9A-4C54-82B2-046B1033091C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0E9B0ED1-3D84-44A6-BA37-E5F8D0EBCB10", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*", matchCriteriaId: "4CD91050-5FE0-4810-8E6F-EF9B9B2F02E9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E19C965E-FA8D-4B42-BCB1-23788621DF45", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*", matchCriteriaId: "B801EC38-5B86-49F2-AB81-63F0F07A9BBE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DAA4BD93-AE89-4506-936F-26C605685193", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", matchCriteriaId: "E6C9F31C-3E12-4787-9C9B-14883D9D152A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33146BAB-5A18-4A1F-BDD8-3BB33200CDB2", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*", matchCriteriaId: "17D7D346-6F52-4473-A4EA-6059C177BF0F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "85AD5F45-F940-4FB5-B4D4-E44D816A3449", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", matchCriteriaId: "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "564B0FDF-7159-42EA-9CAA-BEF791274915", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*", matchCriteriaId: "EC2B9C48-9FE6-462B-88EE-046F15E66430", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "998C6A17-5ADC-47F1-AF63-9B425143C086", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*", matchCriteriaId: "A5604E66-E9CC-4B78-AF6A-2341B30E3594", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "252643DB-46F7-41E9-96E0-0669DD486E5F", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*", matchCriteriaId: "1924FC8B-4031-4EA3-B214-AF6F77D94654", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1FBFA62B-2EBC-426A-98DC-235879902E72", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66034CFD-1303-4B90-AF70-18B7EDBEFE32", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*", matchCriteriaId: "CF03B2BB-34BB-4A0D-81CD-1841E524F885", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "237758B3-C096-465F-95C4-EB3F9835D91F", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", matchCriteriaId: "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "217B0E6E-BCC9-4D12-ADD4-E2C65323018B", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C8E13FC6-D0BF-4674-8A3B-FF5D81B15059", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "A9E20E59-2B1E-4E43-A494-2C20FD716D4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "82504AE8-4D6F-4A49-A611-FBFB303CD237", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "41B066B3-37CD-4839-909B-A8EC636E5F11", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", matchCriteriaId: "32BAB5C0-F645-4A90-833F-6345335FA1AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9CED8944-D61A-4FDA-A9DB-76CBED16F338", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BDAE8049-9102-4B4A-A2CF-B6A2F638B4E3", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0484BCA5-6DD3-43B9-BB83-24B6BF99C4AA", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "56489CFF-D34F-4C66-B69B-FB2CE4333D75", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", matchCriteriaId: "27F93A76-6EFF-4DA6-9129-4792E2C125D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FF01111F-8A37-4366-A63E-210E6CE0DB0E", versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", matchCriteriaId: "66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4476F0C6-0A7D-4735-940C-F5C75316EEE9", versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1D92A0CE-769D-402F-8FD7-BDD8DF247CFD", versionEndExcluding: "1.0.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", matchCriteriaId: "E12892C8-5E01-49A6-BF47-09D630377093", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355.", }, { lang: "es", value: "Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar código arbitrario en instalaciones afectadas de NETGEAR R7800 versión de firmware 1.0.2.76. Aunque es requerida una autenticación para explotar esta vulnerabilidad, el mecanismo de autentificación existente puede ser omitido. El fallo específico se presenta dentro del manejo del parámetro rc_service proporcionado para el archivo apply_save.cgi. El problema resulta de la falta de comprobación apropiada de una cadena suministrada por el usuario antes de usarla para ejecutar una llamada al sistema. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto de root. Era ZDI-CAN-12355", }, ], id: "CVE-2021-27256", lastModified: "2024-11-21T05:57:42.160", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 8.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-05T20:15:12.550", references: [ { source: "zdi-disclosures@trendmicro.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-262/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-262/", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "zdi-disclosures@trendmicro.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-14 16:15
Modified
2024-11-21 05:57
Severity ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9680E98E-021B-4C71-AAA0-AEF49C6AD95F", versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*", matchCriteriaId: "CED01605-09B9-417E-AE6F-1F62888A0C93", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "89EDAF30-2238-495C-920F-F32CC17C046B", versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*", matchCriteriaId: "261C0D85-C951-4F0C-B9C4-0E42B15834EE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6CBD5FC4-2EF7-49A9-8F23-C9398441E7BD", versionEndExcluding: "1.0.1.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "53C5C134-0778-4098-B8B4-F9589516C297", versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*", matchCriteriaId: "88DD070C-7CBD-48A5-8D77-7C3D1C502D65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0EF79426-64C8-4FAB-A199-AB7CB82FCD53", versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", matchCriteriaId: "49846803-C6FB-4DD3-ADA7-78B9923536F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F0F8C423-2E5C-4A50-AF7B-AC67C3771DD3", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", matchCriteriaId: "B7694D0C-2CC6-4A6E-A251-5CBFC67D2AA9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9A60E332-CA18-4617-B7C1-4BE82470DE34", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "208CF907-B3ED-4A7D-BA5B-16A00F44683D", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:v2:*:*:*:*:*:*:*", matchCriteriaId: "946947C2-E4B2-4984-9233-4D4890E1BE07", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "74ED019D-C07A-44BE-BD3E-30885C748DDA", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", matchCriteriaId: "C63267D8-4632-4D14-B39C-BEEC62AD8F87", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34EB68F4-B710-47C9-A01B-A6361B185A19", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", matchCriteriaId: "0B2C00E1-4A23-4304-B92F-B7D9F4818D90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "374F6EAA-A607-4A8F-BA86-EA770BA99189", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E02DD6E2-3A3E-4857-9761-1B40FFA4E755", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:v2:*:*:*:*:*:*:*", matchCriteriaId: "A44B9FAB-7EC4-4B2B-B3E5-A372645AE661", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E53DAB63-389B-4B73-8F75-231320DC71C8", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D4DF51-84EA-4296-9E06-CE5E1F4A53D1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D8DC1B77-994C-473C-AC97-7CC06341C607", versionEndExcluding: "1.0.0.216", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", matchCriteriaId: "0D140E3B-9AE5-473A-82DE-9B9DBAE4C34A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B4F00B47-FFC8-4D45-B49E-8347504A9A4C", versionEndExcluding: "1.0.1.232", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", matchCriteriaId: "8D9781C9-799A-4BDA-A027-987627A01633", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "37C80013-2E0F-459F-BE08-18D60B109AC0", versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A43D307-64B1-46BF-8237-75518D1703CC", versionEndExcluding: "1.0.2.80", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "01F57C27-EB5A-4F3E-ADF7-684DF8860DA2", versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8F67B805-17B5-4053-8399-0AFB2EF6E1D4", versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2135FFEC-0437-43C6-B146-3EF43E1B007B", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", matchCriteriaId: "D5465A78-4826-4F72-9CBE-528CBF286A79", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A413E57-A780-486E-AF85-EE460C99D696", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*", matchCriteriaId: "783EEEE0-BB9A-4C54-82B2-046B1033091C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0E9B0ED1-3D84-44A6-BA37-E5F8D0EBCB10", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*", matchCriteriaId: "4CD91050-5FE0-4810-8E6F-EF9B9B2F02E9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E19C965E-FA8D-4B42-BCB1-23788621DF45", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*", matchCriteriaId: "B801EC38-5B86-49F2-AB81-63F0F07A9BBE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DAA4BD93-AE89-4506-936F-26C605685193", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", matchCriteriaId: "E6C9F31C-3E12-4787-9C9B-14883D9D152A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33146BAB-5A18-4A1F-BDD8-3BB33200CDB2", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*", matchCriteriaId: "17D7D346-6F52-4473-A4EA-6059C177BF0F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "85AD5F45-F940-4FB5-B4D4-E44D816A3449", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", matchCriteriaId: "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "564B0FDF-7159-42EA-9CAA-BEF791274915", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*", matchCriteriaId: "EC2B9C48-9FE6-462B-88EE-046F15E66430", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "998C6A17-5ADC-47F1-AF63-9B425143C086", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*", matchCriteriaId: "A5604E66-E9CC-4B78-AF6A-2341B30E3594", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "252643DB-46F7-41E9-96E0-0669DD486E5F", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*", matchCriteriaId: "1924FC8B-4031-4EA3-B214-AF6F77D94654", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1FBFA62B-2EBC-426A-98DC-235879902E72", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66034CFD-1303-4B90-AF70-18B7EDBEFE32", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*", matchCriteriaId: "CF03B2BB-34BB-4A0D-81CD-1841E524F885", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "237758B3-C096-465F-95C4-EB3F9835D91F", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", matchCriteriaId: "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "217B0E6E-BCC9-4D12-ADD4-E2C65323018B", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C8E13FC6-D0BF-4674-8A3B-FF5D81B15059", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "A9E20E59-2B1E-4E43-A494-2C20FD716D4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "82504AE8-4D6F-4A49-A611-FBFB303CD237", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "41B066B3-37CD-4839-909B-A8EC636E5F11", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", matchCriteriaId: "32BAB5C0-F645-4A90-833F-6345335FA1AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9CED8944-D61A-4FDA-A9DB-76CBED16F338", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BDAE8049-9102-4B4A-A2CF-B6A2F638B4E3", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0484BCA5-6DD3-43B9-BB83-24B6BF99C4AA", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "56489CFF-D34F-4C66-B69B-FB2CE4333D75", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", matchCriteriaId: "27F93A76-6EFF-4DA6-9129-4792E2C125D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FF01111F-8A37-4366-A63E-210E6CE0DB0E", versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", matchCriteriaId: "66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4476F0C6-0A7D-4735-940C-F5C75316EEE9", versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1D92A0CE-769D-402F-8FD7-BDD8DF247CFD", versionEndExcluding: "1.0.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", matchCriteriaId: "E12892C8-5E01-49A6-BF47-09D630377093", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216.", }, { lang: "es", value: "Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar código arbitrario en las instalaciones afectadas de NETGEAR R7800 versiones de firmware 1.0.2.76. No es requerida una autenticación para explotar esta vulnerabilidad. El fallo específico se presenta dentro del manejo del código de operación DHCP específico del proveedor. El problema resulta de una falta de comprobación apropiada de una cadena suministrada por el usuario antes de usarla para ejecutar una llamada al sistema. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto de root. Era ZDI-CAN-12216", }, ], id: "CVE-2021-27252", lastModified: "2024-11-21T05:57:41.453", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 8.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-14T16:15:13.737", references: [ { source: "zdi-disclosures@trendmicro.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-248/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-248/", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "zdi-disclosures@trendmicro.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
3.1 (Low) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EX6100v2 before 1.0.1.106, EX6150v2 before 1.0.1.106, EX6250 before 1.0.0.146, EX6400 before 1.0.2.164, EX6400v2 before 1.0.0.146, EX6410 before 1.0.0.146, EX6420 before 1.0.0.146, EX7300 before 1.0.2.164, EX7300v2 before 1.0.0.146, EX7320 before 1.0.0.146, EX7700 before 1.0.0.222, LBR1020 before 2.6.5.16, LBR20 before 2.6.5.2, RBK352 before 4.3.4.7, RBK50 before 2.7.3.22, RBR350 before 4.3.4.7, RBR50 before 2.7.3.22, and RBS350 before 4.3.4.7.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | ex6100v2_firmware | * | |
| netgear | ex6100v2 | - | |
| netgear | ex6150v2_firmware | * | |
| netgear | ex6150v2 | - | |
| netgear | ex6250_firmware | * | |
| netgear | ex6250 | - | |
| netgear | ex6400_firmware | * | |
| netgear | ex6400 | - | |
| netgear | ex6400v2_firmware | * | |
| netgear | ex6400v2 | - | |
| netgear | ex6410_firmware | * | |
| netgear | ex6410 | - | |
| netgear | ex6420_firmware | * | |
| netgear | ex6420 | - | |
| netgear | ex7300_firmware | * | |
| netgear | ex7300 | - | |
| netgear | ex7300v2_firmware | * | |
| netgear | ex7300v2 | - | |
| netgear | ex7320_firmware | * | |
| netgear | ex7320 | - | |
| netgear | ex7700_firmware | * | |
| netgear | ex7700 | - | |
| netgear | lbr1020_firmware | * | |
| netgear | lbr1020 | - | |
| netgear | lbr20_firmware | * | |
| netgear | lbr20 | - | |
| netgear | rbk352_firmware | * | |
| netgear | rbk352 | - | |
| netgear | rbk50_firmware | * | |
| netgear | rbk50 | - | |
| netgear | rbr350_firmware | * | |
| netgear | rbr350 | - | |
| netgear | rbr50_firmware | * | |
| netgear | rbr50 | - | |
| netgear | rbs350_firmware | * | |
| netgear | rbs350 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9448185F-D941-447D-B90E-2E69CB60E739", versionEndExcluding: "1.0.1.106", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*", matchCriteriaId: "4DCFF79A-8ACE-455B-90F3-FFC745E8BAD4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7E4E9866-2B10-44B6-BB6E-EC1B77E08EC3", versionEndExcluding: "1.0.1.106", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*", matchCriteriaId: "5828F04B-E373-4E4F-942D-08CCA038418C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CAD1DF05-2F79-4334-83EF-D0EAEB5BCDA8", versionEndExcluding: "1.0.0.146", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", matchCriteriaId: "B7694D0C-2CC6-4A6E-A251-5CBFC67D2AA9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BB6C6DF7-00B6-458E-BC69-A8F1EA94F034", versionEndExcluding: "1.0.2.164", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "834234D5-E773-4950-96E0-E4451DCDE206", versionEndExcluding: "1.0.0.146", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*", matchCriteriaId: "5882095F-B22A-4937-BA08-6640140F10AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "971A6ED9-90D3-4DBD-A5D6-7788C66E9905", versionEndExcluding: "1.0.0.146", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", matchCriteriaId: "C63267D8-4632-4D14-B39C-BEEC62AD8F87", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E3F5F41F-15DC-4FD4-BDA7-9351EF922C51", versionEndExcluding: "1.0.0.146", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", matchCriteriaId: "0B2C00E1-4A23-4304-B92F-B7D9F4818D90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E2794682-2094-4FB4-A968-A914138F3143", versionEndExcluding: "1.0.2.164", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0C26D833-D61A-4AE8-BA31-59E991292CB4", versionEndExcluding: "1.0.0.146", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*", matchCriteriaId: "0A88D2A3-3B22-4639-94E9-69CE80F37392", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "158F6EF8-613F-4EF7-95CE-D285E05FC135", versionEndExcluding: "1.0.0.146", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D4DF51-84EA-4296-9E06-CE5E1F4A53D1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "037B3306-22A2-4072-80AC-7CB3FC39BC6F", versionEndExcluding: "1.0.0.222", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", matchCriteriaId: "0D140E3B-9AE5-473A-82DE-9B9DBAE4C34A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F5A78D3C-13F1-4ABA-B26D-96F50E245520", versionEndExcluding: "2.6.5.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:*", matchCriteriaId: "953F0743-4B34-4CE9-815E-D87253720CBE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D3441E02-8A61-43C5-AD92-F6D5A5C3DB66", versionEndExcluding: "2.6.5.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk352_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD2667C9-3B5F-42EB-89BE-01E628DDC326", versionEndExcluding: "4.3.4.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk352:-:*:*:*:*:*:*:*", matchCriteriaId: "E33DA6FB-9AEE-44DA-9FAA-164E145D8C4B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "455B1063-8507-4713-82B3-DB1BC4B22A21", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr350_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D56EF24-F7D3-42E4-B783-87EBAA9088BB", versionEndExcluding: "4.3.4.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr350:-:*:*:*:*:*:*:*", matchCriteriaId: "C967BD79-D46C-4E73-9063-394454C33180", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C1AC74B5-C42B-40BC-8AF9-3E9E0C68084E", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs350_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8DDD5366-ED77-49B4-BC8B-B4AECB9A5A9C", versionEndExcluding: "4.3.4.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs350:-:*:*:*:*:*:*:*", matchCriteriaId: "D69C0384-012F-4F3C-B5B2-EE2087C8187D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EX6100v2 before 1.0.1.106, EX6150v2 before 1.0.1.106, EX6250 before 1.0.0.146, EX6400 before 1.0.2.164, EX6400v2 before 1.0.0.146, EX6410 before 1.0.0.146, EX6420 before 1.0.0.146, EX7300 before 1.0.2.164, EX7300v2 before 1.0.0.146, EX7320 before 1.0.0.146, EX7700 before 1.0.0.222, LBR1020 before 2.6.5.16, LBR20 before 2.6.5.2, RBK352 before 4.3.4.7, RBK50 before 2.7.3.22, RBR350 before 4.3.4.7, RBR50 before 2.7.3.22, and RBS350 before 4.3.4.7.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una divulgación de información confidencial. Esto afecta a EX6100v2 versiones anteriores a 1.0.1.106, a EX6150v2 versiones anteriores a 1.0.1.106, a EX6250 versiones anteriores a 1.0.0.146, a EX6400 versiones anteriores a 1.0.2.164, a EX6400v2 versiones anteriores a 1.0.0.146, a EX6410 versiones anteriores a 1.0.0.146, a EX6420 versiones anteriores a 1.0.0.146, a EX7300 versiones anteriores a 1.0.2.164, a EX7300v2 versiones anteriores a 1.0.0.146 y a EX7300v2 versiones anteriores a 1.0.2.164. 0.0.146, EX7320 versiones anteriores a 1.0.0.146, EX7700 versiones anteriores a 1.0.0.222, LBR1020 versiones anteriores a 2.6.5.16, LBR20 versiones anteriores a 2.6.5.2, RBK352 versiones anteriores a 4.3.4.7, RBK50 versiones anteriores a 2.7.3.22, RBR350 versiones anteriores a 4.3.4.7, RBR50 versiones anteriores a 2.7.3.22 y RBS350 versiones anteriores a 4.3.4.7", }, ], id: "CVE-2021-45648", lastModified: "2024-11-21T06:32:46.740", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 1.4, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-26T01:15:20.010", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000064494/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0453", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000064494/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0453", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | ex2700_firmware | * | |
| netgear | ex2700 | - | |
| netgear | wn3000rpv2_firmware | * | |
| netgear | wn3000rpv2 | - | |
| netgear | wn3000rpv3_firmware | * | |
| netgear | wn3000rpv3 | - | |
| netgear | lbr1020_firmware | * | |
| netgear | lbr1020 | - | |
| netgear | lbr20_firmware | * | |
| netgear | lbr20 | - | |
| netgear | r6700ax_firmware | * | |
| netgear | r6700ax | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | rax10_firmware | * | |
| netgear | rax10 | - | |
| netgear | rax120v1_firmware | * | |
| netgear | rax120v1 | - | |
| netgear | rax120v2_firmware | * | |
| netgear | rax120v2 | - | |
| netgear | rax70_firmware | * | |
| netgear | rax70 | - | |
| netgear | rax78_firmware | * | |
| netgear | rax78 | - | |
| netgear | xr450_firmware | * | |
| netgear | xr450 | - | |
| netgear | xr500_firmware | * | |
| netgear | xr500 | - | |
| netgear | xr700_firmware | * | |
| netgear | xr700 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBB7728E-4535-4A67-9F8F-3CD4FE29C4A9", versionEndExcluding: "1.0.1.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "110B4669-7AA6-4444-BFEF-9F7DF5C40D0B", versionEndExcluding: "1.0.1.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*", matchCriteriaId: "5341B659-DE7D-43F1-954D-82049CBE18AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rpv2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A7305D0F-6995-411B-BDF6-106102C717AB", versionEndExcluding: "1.0.0.90", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rpv2:-:*:*:*:*:*:*:*", matchCriteriaId: "50BC8FA2-F9D5-4286-97DD-BD2A55EA234D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rpv3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "28C0758E-2793-4342-AEA0-DA7F49C4A38E", versionEndExcluding: "1.0.2.100", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rpv3:-:*:*:*:*:*:*:*", matchCriteriaId: "958243A2-6829-464F-80EA-7DD5B6F0DD7A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "05E6F6DD-5CC6-426B-92F5-34B9A8525810", versionEndExcluding: "2.6.5.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:*", matchCriteriaId: "953F0743-4B34-4CE9-815E-D87253720CBE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8AAD88A5-E90E-4A96-BE01-DF14ADC44881", versionEndExcluding: "2.6.5.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700ax_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C65624DD-9DDF-4167-89D9-8629587082A6", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700ax:-:*:*:*:*:*:*:*", matchCriteriaId: "F9B37178-0C67-4EF0-A9B8-5BB5B9DBFB8F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76FAB8C7-79BA-4592-AF47-198D3EE48DCF", versionEndExcluding: "1.0.2.86", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "13593203-FB80-4BDA-96CC-AAE5C33E560A", versionEndExcluding: "1.0.5.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4D90EEE2-4D7C-46ED-9DF4-C232F30D97ED", versionEndExcluding: "1.0.5.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FB930C5E-4232-4212-AFEB-A4D0904F2B22", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax10:-:*:*:*:*:*:*:*", matchCriteriaId: "1742F1BB-3D78-4E5E-9479-6614A56B4700", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax120v1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E370208B-8A35-4F76-8C79-BD5F1ABECA4D", versionEndExcluding: "1.2.3.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax120v1:-:*:*:*:*:*:*:*", matchCriteriaId: "774148F4-42EA-4F2A-98AB-1511DAB5774A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax120v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "91CED146-E9DC-4F73-A2CF-A6D78F29D0F7", versionEndExcluding: "1.2.3.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax120v2:-:*:*:*:*:*:*:*", matchCriteriaId: "50D741E6-43F9-4BDC-B1A4-281AC73A7C19", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax70_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EE615E08-904D-4DD5-835F-CE48B6D87650", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax70:-:*:*:*:*:*:*:*", matchCriteriaId: "AE1314C3-4950-4F5A-9900-789710CE7F98", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax78_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A4940E3E-2320-4B73-B5DB-DDB7BE410EF0", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax78:-:*:*:*:*:*:*:*", matchCriteriaId: "EABDFEEF-228C-429E-9B80-B6A0CA7D5AA9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1EC1DFC6-B5A7-486B-BD50-BB79B3FF368A", versionEndExcluding: "2.3.2.130", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", matchCriteriaId: "66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E50B1D80-6C4A-488D-8CAC-638DFFE23E6F", versionEndExcluding: "2.3.2.130", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E3539C94-0B31-48FC-A432-3DC3E4E0CBBC", versionEndExcluding: "1.0.1.46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", matchCriteriaId: "E12892C8-5E01-49A6-BF47-09D630377093", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una divulgación de información confidencial. Una petición UPnP revela el número de serie de un dispositivo, que puede ser usado para restablecer la contraseña. Esto afecta a D7800 versiones anteriores a 1.0.1.66, a EX2700 versiones anteriores a 1.0.1.68, al WN3000RPv2 versiones anteriores a 1.0.0.90, al WN3000RPv3 versiones anteriores a 1.0.2.100, a LBR1020 versiones anteriores a 2.6.5.20, a LBR20 versiones anteriores a 2.6.5.32, a R6700AX versiones anteriores a 1.0.10.110, a R7800 versiones anteriores a 1.0.2.86, a R8900 versiones anteriores a 1. 0.5.38, R9000 versiones anteriores a 1.0.5.38, RAX10 versiones anteriores a 1.0.10.110, RAX120v1 versiones anteriores a 1.2.3.28, RAX120v2 versiones anteriores a 1.2.3.28, RAX70 versiones anteriores a 1.0.10.110, RAX78 versiones anteriores a 1.0.10.110, XR450 versiones anteriores a 2.3.2.130, XR500 versiones anteriores a 2.3.2.130 y XR700 versiones anteriores a 1.0.1.46", }, ], id: "CVE-2021-45603", lastModified: "2024-11-21T06:32:38.527", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 4.2, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-26T01:15:17.853", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-05 20:15
Modified
2024-11-21 05:57
Severity ?
Summary
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-12362.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9680E98E-021B-4C71-AAA0-AEF49C6AD95F", versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*", matchCriteriaId: "CED01605-09B9-417E-AE6F-1F62888A0C93", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "89EDAF30-2238-495C-920F-F32CC17C046B", versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*", matchCriteriaId: "261C0D85-C951-4F0C-B9C4-0E42B15834EE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6CBD5FC4-2EF7-49A9-8F23-C9398441E7BD", versionEndExcluding: "1.0.1.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "53C5C134-0778-4098-B8B4-F9589516C297", versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*", matchCriteriaId: "4DCFF79A-8ACE-455B-90F3-FFC745E8BAD4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "597D1ED8-FE6A-4325-83AB-5CA544CFA1AF", versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*", matchCriteriaId: "5828F04B-E373-4E4F-942D-08CCA038418C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F0F8C423-2E5C-4A50-AF7B-AC67C3771DD3", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", matchCriteriaId: "B7694D0C-2CC6-4A6E-A251-5CBFC67D2AA9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9A60E332-CA18-4617-B7C1-4BE82470DE34", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "208CF907-B3ED-4A7D-BA5B-16A00F44683D", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*", matchCriteriaId: "5882095F-B22A-4937-BA08-6640140F10AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "74ED019D-C07A-44BE-BD3E-30885C748DDA", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", matchCriteriaId: "C63267D8-4632-4D14-B39C-BEEC62AD8F87", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34EB68F4-B710-47C9-A01B-A6361B185A19", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", matchCriteriaId: "0B2C00E1-4A23-4304-B92F-B7D9F4818D90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "374F6EAA-A607-4A8F-BA86-EA770BA99189", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E02DD6E2-3A3E-4857-9761-1B40FFA4E755", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*", matchCriteriaId: "0A88D2A3-3B22-4639-94E9-69CE80F37392", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E53DAB63-389B-4B73-8F75-231320DC71C8", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D4DF51-84EA-4296-9E06-CE5E1F4A53D1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D8DC1B77-994C-473C-AC97-7CC06341C607", versionEndExcluding: "1.0.0.216", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", matchCriteriaId: "0D140E3B-9AE5-473A-82DE-9B9DBAE4C34A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B4F00B47-FFC8-4D45-B49E-8347504A9A4C", versionEndExcluding: "1.0.1.232", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", matchCriteriaId: "8D9781C9-799A-4BDA-A027-987627A01633", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "37C80013-2E0F-459F-BE08-18D60B109AC0", versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A43D307-64B1-46BF-8237-75518D1703CC", versionEndExcluding: "1.0.2.80", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "01F57C27-EB5A-4F3E-ADF7-684DF8860DA2", versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8F67B805-17B5-4053-8399-0AFB2EF6E1D4", versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2135FFEC-0437-43C6-B146-3EF43E1B007B", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", matchCriteriaId: "D5465A78-4826-4F72-9CBE-528CBF286A79", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A413E57-A780-486E-AF85-EE460C99D696", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*", matchCriteriaId: "783EEEE0-BB9A-4C54-82B2-046B1033091C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0E9B0ED1-3D84-44A6-BA37-E5F8D0EBCB10", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*", matchCriteriaId: "4CD91050-5FE0-4810-8E6F-EF9B9B2F02E9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E19C965E-FA8D-4B42-BCB1-23788621DF45", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*", matchCriteriaId: "B801EC38-5B86-49F2-AB81-63F0F07A9BBE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DAA4BD93-AE89-4506-936F-26C605685193", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", matchCriteriaId: "E6C9F31C-3E12-4787-9C9B-14883D9D152A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33146BAB-5A18-4A1F-BDD8-3BB33200CDB2", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*", matchCriteriaId: "17D7D346-6F52-4473-A4EA-6059C177BF0F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "85AD5F45-F940-4FB5-B4D4-E44D816A3449", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", matchCriteriaId: "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "564B0FDF-7159-42EA-9CAA-BEF791274915", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*", matchCriteriaId: "EC2B9C48-9FE6-462B-88EE-046F15E66430", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "998C6A17-5ADC-47F1-AF63-9B425143C086", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*", matchCriteriaId: "A5604E66-E9CC-4B78-AF6A-2341B30E3594", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "252643DB-46F7-41E9-96E0-0669DD486E5F", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*", matchCriteriaId: "1924FC8B-4031-4EA3-B214-AF6F77D94654", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1FBFA62B-2EBC-426A-98DC-235879902E72", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66034CFD-1303-4B90-AF70-18B7EDBEFE32", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*", matchCriteriaId: "CF03B2BB-34BB-4A0D-81CD-1841E524F885", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "237758B3-C096-465F-95C4-EB3F9835D91F", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", matchCriteriaId: "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "217B0E6E-BCC9-4D12-ADD4-E2C65323018B", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C8E13FC6-D0BF-4674-8A3B-FF5D81B15059", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "A9E20E59-2B1E-4E43-A494-2C20FD716D4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "82504AE8-4D6F-4A49-A611-FBFB303CD237", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "41B066B3-37CD-4839-909B-A8EC636E5F11", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", matchCriteriaId: "32BAB5C0-F645-4A90-833F-6345335FA1AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9CED8944-D61A-4FDA-A9DB-76CBED16F338", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BDAE8049-9102-4B4A-A2CF-B6A2F638B4E3", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0484BCA5-6DD3-43B9-BB83-24B6BF99C4AA", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "56489CFF-D34F-4C66-B69B-FB2CE4333D75", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", matchCriteriaId: "27F93A76-6EFF-4DA6-9129-4792E2C125D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FF01111F-8A37-4366-A63E-210E6CE0DB0E", versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", matchCriteriaId: "66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4476F0C6-0A7D-4735-940C-F5C75316EEE9", versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1D92A0CE-769D-402F-8FD7-BDD8DF247CFD", versionEndExcluding: "1.0.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", matchCriteriaId: "E12892C8-5E01-49A6-BF47-09D630377093", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-12362.", }, { lang: "es", value: "Esta vulnerabilidad permite a atacantes adyacentes a la red comprometer la integridad de la información descargada en instalaciones afectadas de NETGEAR R7800 versión de firmware 1.0.2.76. No es requerida una autenticación para explotar esta vulnerabilidad. El fallo específico se presenta dentro de la descarga de archivos por medio de FTP. El problema resulta de la falta de comprobación apropiada del certificado presentado por el servidor. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar código arbitrario en el contexto de root. Era ZDI-CAN-12362", }, ], id: "CVE-2021-27257", lastModified: "2024-11-21T05:57:42.320", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-05T20:15:12.660", references: [ { source: "zdi-disclosures@trendmicro.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-264/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-264/", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "zdi-disclosures@trendmicro.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR1020 before 2.6.3.58, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RBS50Y before 2.7.3.22, WNR2000v5 before 1.0.0.76, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, RAX10 before 1.0.2.88, RAX120 before 1.2.0.16, RAX70 before 1.0.2.88, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, R6700AX before 1.0.2.88, RAX120v2 before 1.2.0.16, RAX78 before 1.0.2.88, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR350 before 4.3.4.7, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS350 before 4.3.4.7, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK352 before 4.3.4.7, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F0F8C423-2E5C-4A50-AF7B-AC67C3771DD3", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", matchCriteriaId: "B7694D0C-2CC6-4A6E-A251-5CBFC67D2AA9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D8DC1B77-994C-473C-AC97-7CC06341C607", versionEndExcluding: "1.0.0.216", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", matchCriteriaId: "0D140E3B-9AE5-473A-82DE-9B9DBAE4C34A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B4F00B47-FFC8-4D45-B49E-8347504A9A4C", versionEndExcluding: "1.0.1.232", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", matchCriteriaId: "8D9781C9-799A-4BDA-A027-987627A01633", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "89B4E089-C3D1-41FC-97F6-D72CA27E37B8", versionEndExcluding: "2.6.3.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:*", matchCriteriaId: "953F0743-4B34-4CE9-815E-D87253720CBE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "37C80013-2E0F-459F-BE08-18D60B109AC0", versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A43D307-64B1-46BF-8237-75518D1703CC", versionEndExcluding: "1.0.2.80", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "617156D5-63CB-4533-A816-C7FCA2F1C0EF", versionEndExcluding: "1.0.5.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "818BD0BA-DF73-481B-91BF-4E2F6DA7B4A7", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", matchCriteriaId: "27F93A76-6EFF-4DA6-9129-4792E2C125D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000v5_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6E5CCE1F-CC08-4C10-90C6-55ED8D3F3CE4", versionEndExcluding: "1.0.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000v5:-:*:*:*:*:*:*:*", matchCriteriaId: "671EC923-DC84-47D6-B943-0F7DA8168334", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "80D6658B-FF1E-49C3-988E-1DFEA0E980C3", versionEndExcluding: "1.0.1.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", matchCriteriaId: "E12892C8-5E01-49A6-BF47-09D630377093", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "597D1ED8-FE6A-4325-83AB-5CA544CFA1AF", versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*", matchCriteriaId: "5828F04B-E373-4E4F-942D-08CCA038418C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "374F6EAA-A607-4A8F-BA86-EA770BA99189", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E53DAB63-389B-4B73-8F75-231320DC71C8", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D4DF51-84EA-4296-9E06-CE5E1F4A53D1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FCE28B87-99D0-4538-B854-270C71120AA8", versionEndExcluding: "1.0.2.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax10:-:*:*:*:*:*:*:*", matchCriteriaId: "1742F1BB-3D78-4E5E-9479-6614A56B4700", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1F3FBDF5-28D8-47BE-B518-E4C68ABC34C4", versionEndExcluding: "1.2.0.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:*", matchCriteriaId: "1742BD56-84E4-40E1-8C04-098B3715161E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax70_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66392B98-C8A3-4DE3-86C5-501F903ACED0", versionEndExcluding: "1.0.2.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax70:-:*:*:*:*:*:*:*", matchCriteriaId: "AE1314C3-4950-4F5A-9900-789710CE7F98", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "53C5C134-0778-4098-B8B4-F9589516C297", versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*", matchCriteriaId: "4DCFF79A-8ACE-455B-90F3-FFC745E8BAD4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9A60E332-CA18-4617-B7C1-4BE82470DE34", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E02DD6E2-3A3E-4857-9761-1B40FFA4E755", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*", matchCriteriaId: "0A88D2A3-3B22-4639-94E9-69CE80F37392", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700ax_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "38BEF837-BD63-410B-82DD-8F0B69B72E51", versionEndExcluding: "1.0.2.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700ax:-:*:*:*:*:*:*:*", matchCriteriaId: "F9B37178-0C67-4EF0-A9B8-5BB5B9DBFB8F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax120v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C5749992-BE4A-4764-9389-B91FAEBD09AE", versionEndExcluding: "1.2.0.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax120v2:-:*:*:*:*:*:*:*", matchCriteriaId: "50D741E6-43F9-4BDC-B1A4-281AC73A7C19", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax78_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BC89943B-7AE4-42CE-95F9-A5BF1D557F31", versionEndExcluding: "1.0.2.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax78:-:*:*:*:*:*:*:*", matchCriteriaId: "EABDFEEF-228C-429E-9B80-B6A0CA7D5AA9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "74ED019D-C07A-44BE-BD3E-30885C748DDA", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", matchCriteriaId: "C63267D8-4632-4D14-B39C-BEEC62AD8F87", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CCAC5A0E-0648-4504-A040-BA9859474FFA", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", matchCriteriaId: "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4E0AC598-D991-49E0-86ED-4ABF0E42E504", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr350_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D56EF24-F7D3-42E4-B783-87EBAA9088BB", versionEndExcluding: "4.3.4.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr350:-:*:*:*:*:*:*:*", matchCriteriaId: "C967BD79-D46C-4E73-9063-394454C33180", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1FD3226E-1B9D-420E-AD7B-7D1DDC867D3F", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "A9E20E59-2B1E-4E43-A494-2C20FD716D4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C1AC74B5-C42B-40BC-8AF9-3E9E0C68084E", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34EB68F4-B710-47C9-A01B-A6361B185A19", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", matchCriteriaId: "0B2C00E1-4A23-4304-B92F-B7D9F4818D90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A00846AE-C198-4608-934F-41B6FE7A6038", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", matchCriteriaId: "32BAB5C0-F645-4A90-833F-6345335FA1AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3C936668-6B8C-4497-A5A3-7C4B6CADB09B", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs350_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8DDD5366-ED77-49B4-BC8B-B4AECB9A5A9C", versionEndExcluding: "4.3.4.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs350:-:*:*:*:*:*:*:*", matchCriteriaId: "D69C0384-012F-4F3C-B5B2-EE2087C8187D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "40435599-FC79-4563-BF8B-BB1F84BDA82D", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6C4886CD-5890-4314-AC30-85DBDB69B594", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "208CF907-B3ED-4A7D-BA5B-16A00F44683D", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*", matchCriteriaId: "5882095F-B22A-4937-BA08-6640140F10AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EDB5A906-6623-4DE0-8A14-B0917F7242E2", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", matchCriteriaId: "D5465A78-4826-4F72-9CBE-528CBF286A79", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A4021DFA-AEBD-4C6C-9793-48171990F8B3", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", matchCriteriaId: "E6C9F31C-3E12-4787-9C9B-14883D9D152A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk352_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD2667C9-3B5F-42EB-89BE-01E628DDC326", versionEndExcluding: "4.3.4.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk352:-:*:*:*:*:*:*:*", matchCriteriaId: "E33DA6FB-9AEE-44DA-9FAA-164E145D8C4B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CA096BE4-3AE5-4AEA-B4C4-359D3A0C7F1E", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", matchCriteriaId: "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "455B1063-8507-4713-82B3-DB1BC4B22A21", versionEndExcluding: "2.7.3.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6200v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "033E6FD3-A903-438D-88B2-F6AF7B2ECBCE", versionEndExcluding: "1.0.1.86", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6200v2:-:*:*:*:*:*:*:*", matchCriteriaId: "2141AE0A-18CB-4142-A850-B2153DAEE5A8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "18313A0F-E562-423F-AA3E-14825DD8A22C", versionEndExcluding: "1.0.5.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR1020 before 2.6.3.58, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RBS50Y before 2.7.3.22, WNR2000v5 before 1.0.0.76, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, RAX10 before 1.0.2.88, RAX120 before 1.2.0.16, RAX70 before 1.0.2.88, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, R6700AX before 1.0.2.88, RAX120v2 before 1.2.0.16, RAX78 before 1.0.2.88, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR350 before 4.3.4.7, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS350 before 4.3.4.7, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK352 before 4.3.4.7, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un atacante no autenticado. Esto afecta a EX6200v2 versiones anteriores a 1.0.1.86, EX6250 versiones anteriores a 1.0.0.134, EX7700 versiones anteriores a 1.0.0.216, EX8000 versiones anteriores a 1.0.1.232, LBR1020 versiones anteriores a 2.6.3.58, LBR20 versiones anteriores a 2.6.3.50, R7800 versiones anteriores a 1.0.2.80, R8900 versiones anteriores a 1.0.5.26, R9000 versiones anteriores a 1.0.5.26, RBS50Y versiones anteriores a 2.7.3. 22, WNR2000v5 versiones anteriores a 1.0.0.76, XR700 versiones anteriores a 1.0.1.36, EX6150v2 versiones anteriores a 1.0.1.98, EX7300 versiones anteriores a 1.0.2.158, EX7320 versiones anteriores a 1.0.0. 134, RAX10 versiones anteriores a 1.0.2.88, RAX120 versiones anteriores a 1.2.0.16, RAX70 versiones anteriores a 1.0.2.88, EX6100v2 versiones anteriores a 1.0.1.98, EX6400 versiones anteriores a 1.0.2.158, EX7300v2 versiones anteriores a 1. 0.0.134, R6700AX versiones anteriores a 1.0.2.88, RAX120v2 versiones anteriores a 1.2.0.16, RAX78 versiones anteriores a 1.0.2.88, EX6410 versiones anteriores a 1.0.0.134, RBR10 versiones anteriores a 2.7.3. 22, RBR20 versiones anteriores a 2.7.3.22, RBR350 versiones anteriores a 4.3.4.7, RBR40 versiones anteriores a 2.7.3.22, RBR50 versiones anteriores a 2.7.3.22, EX6420 versiones anteriores a 1.0.0.134, RBS10 versiones anteriores a 2. 7.3.22, RBS20 versiones anteriores a 2.7.3.22, RBS350 versiones anteriores a 4.3.4.7, RBS40 versiones anteriores a 2.7.3.22, RBS50 versiones anteriores a 2.7.3.22, EX6400v2 versiones anteriores a 1.0.0. 134, RBK12 versiones anteriores a 2.7.3.22, RBK20 versiones anteriores a 2.7.3.22, RBK352 versiones anteriores a 4.3.4.7, RBK40 versiones anteriores a 2.7.3.22 y RBK50 versiones anteriores a 2.7.3.22", }, ], id: "CVE-2021-45619", lastModified: "2024-11-21T06:32:41.523", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 6, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-26T01:15:18.657", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064492/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0435", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064492/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0435", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-05 20:15
Modified
2024-11-21 05:57
Severity ?
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9680E98E-021B-4C71-AAA0-AEF49C6AD95F", versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*", matchCriteriaId: "CED01605-09B9-417E-AE6F-1F62888A0C93", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "89EDAF30-2238-495C-920F-F32CC17C046B", versionEndExcluding: "5.10.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*", matchCriteriaId: "261C0D85-C951-4F0C-B9C4-0E42B15834EE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6CBD5FC4-2EF7-49A9-8F23-C9398441E7BD", versionEndExcluding: "1.0.1.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "53C5C134-0778-4098-B8B4-F9589516C297", versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*", matchCriteriaId: "4DCFF79A-8ACE-455B-90F3-FFC745E8BAD4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "597D1ED8-FE6A-4325-83AB-5CA544CFA1AF", versionEndExcluding: "1.0.1.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*", matchCriteriaId: "5828F04B-E373-4E4F-942D-08CCA038418C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F0F8C423-2E5C-4A50-AF7B-AC67C3771DD3", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", matchCriteriaId: "B7694D0C-2CC6-4A6E-A251-5CBFC67D2AA9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9A60E332-CA18-4617-B7C1-4BE82470DE34", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "208CF907-B3ED-4A7D-BA5B-16A00F44683D", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*", matchCriteriaId: "5882095F-B22A-4937-BA08-6640140F10AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "74ED019D-C07A-44BE-BD3E-30885C748DDA", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", matchCriteriaId: "C63267D8-4632-4D14-B39C-BEEC62AD8F87", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34EB68F4-B710-47C9-A01B-A6361B185A19", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", matchCriteriaId: "0B2C00E1-4A23-4304-B92F-B7D9F4818D90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "374F6EAA-A607-4A8F-BA86-EA770BA99189", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E02DD6E2-3A3E-4857-9761-1B40FFA4E755", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*", matchCriteriaId: "0A88D2A3-3B22-4639-94E9-69CE80F37392", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E53DAB63-389B-4B73-8F75-231320DC71C8", versionEndExcluding: "1.0.0.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D4DF51-84EA-4296-9E06-CE5E1F4A53D1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D8DC1B77-994C-473C-AC97-7CC06341C607", versionEndExcluding: "1.0.0.216", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", matchCriteriaId: "0D140E3B-9AE5-473A-82DE-9B9DBAE4C34A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B4F00B47-FFC8-4D45-B49E-8347504A9A4C", versionEndExcluding: "1.0.1.232", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", matchCriteriaId: "8D9781C9-799A-4BDA-A027-987627A01633", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "37C80013-2E0F-459F-BE08-18D60B109AC0", versionEndExcluding: "2.6.3.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A43D307-64B1-46BF-8237-75518D1703CC", versionEndExcluding: "1.0.2.80", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "01F57C27-EB5A-4F3E-ADF7-684DF8860DA2", versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8F67B805-17B5-4053-8399-0AFB2EF6E1D4", versionEndExcluding: "1.0.5.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2135FFEC-0437-43C6-B146-3EF43E1B007B", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", matchCriteriaId: "D5465A78-4826-4F72-9CBE-528CBF286A79", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A413E57-A780-486E-AF85-EE460C99D696", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*", matchCriteriaId: "783EEEE0-BB9A-4C54-82B2-046B1033091C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0E9B0ED1-3D84-44A6-BA37-E5F8D0EBCB10", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*", matchCriteriaId: "4CD91050-5FE0-4810-8E6F-EF9B9B2F02E9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E19C965E-FA8D-4B42-BCB1-23788621DF45", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*", matchCriteriaId: "B801EC38-5B86-49F2-AB81-63F0F07A9BBE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DAA4BD93-AE89-4506-936F-26C605685193", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", matchCriteriaId: "E6C9F31C-3E12-4787-9C9B-14883D9D152A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33146BAB-5A18-4A1F-BDD8-3BB33200CDB2", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*", matchCriteriaId: "17D7D346-6F52-4473-A4EA-6059C177BF0F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "85AD5F45-F940-4FB5-B4D4-E44D816A3449", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", matchCriteriaId: "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "564B0FDF-7159-42EA-9CAA-BEF791274915", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*", matchCriteriaId: "EC2B9C48-9FE6-462B-88EE-046F15E66430", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "998C6A17-5ADC-47F1-AF63-9B425143C086", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*", matchCriteriaId: "A5604E66-E9CC-4B78-AF6A-2341B30E3594", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "252643DB-46F7-41E9-96E0-0669DD486E5F", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*", matchCriteriaId: "1924FC8B-4031-4EA3-B214-AF6F77D94654", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1FBFA62B-2EBC-426A-98DC-235879902E72", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66034CFD-1303-4B90-AF70-18B7EDBEFE32", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*", matchCriteriaId: "CF03B2BB-34BB-4A0D-81CD-1841E524F885", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "237758B3-C096-465F-95C4-EB3F9835D91F", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", matchCriteriaId: "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "217B0E6E-BCC9-4D12-ADD4-E2C65323018B", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C8E13FC6-D0BF-4674-8A3B-FF5D81B15059", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "A9E20E59-2B1E-4E43-A494-2C20FD716D4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "82504AE8-4D6F-4A49-A611-FBFB303CD237", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "41B066B3-37CD-4839-909B-A8EC636E5F11", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", matchCriteriaId: "32BAB5C0-F645-4A90-833F-6345335FA1AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9CED8944-D61A-4FDA-A9DB-76CBED16F338", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BDAE8049-9102-4B4A-A2CF-B6A2F638B4E3", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0484BCA5-6DD3-43B9-BB83-24B6BF99C4AA", versionEndExcluding: "2.7.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "56489CFF-D34F-4C66-B69B-FB2CE4333D75", versionEndExcluding: "2.6.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", matchCriteriaId: "27F93A76-6EFF-4DA6-9129-4792E2C125D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FF01111F-8A37-4366-A63E-210E6CE0DB0E", versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", matchCriteriaId: "66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4476F0C6-0A7D-4735-940C-F5C75316EEE9", versionEndExcluding: "2.3.2.114", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1D92A0CE-769D-402F-8FD7-BDD8DF247CFD", versionEndExcluding: "1.0.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", matchCriteriaId: "E12892C8-5E01-49A6-BF47-09D630377093", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.", }, { lang: "es", value: "Esta vulnerabilidad permite a atacantes adyacentes a la red omitir una autenticación en instalaciones afectadas de NETGEAR R7800. No es requerida una autenticación para explotar esta vulnerabilidad. El fallo específico se presenta dentro del endpoint apply_save.cgi. Este problema resulta del uso de una clave de cifrado embebida. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código arbitrario en el contexto de root. Era ZDI-CAN-12287", }, ], id: "CVE-2021-27254", lastModified: "2024-11-21T05:57:41.790", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 8.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-05T20:15:12.317", references: [ { source: "zdi-disclosures@trendmicro.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-252/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-252/", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-259", }, ], source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | ex2700_firmware | * | |
| netgear | ex2700 | - | |
| netgear | wn3000rpv2_firmware | * | |
| netgear | wn3000rpv2 | - | |
| netgear | wn3000rpv3_firmware | * | |
| netgear | wn3000rpv3 | - | |
| netgear | lbr1020_firmware | * | |
| netgear | lbr1020 | - | |
| netgear | lbr20_firmware | * | |
| netgear | lbr20 | - | |
| netgear | r6700ax_firmware | * | |
| netgear | r6700ax | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | rax10_firmware | * | |
| netgear | rax10 | - | |
| netgear | rax120v1_firmware | * | |
| netgear | rax120v1 | - | |
| netgear | rax120v2_firmware | * | |
| netgear | rax120v2 | - | |
| netgear | rax70_firmware | * | |
| netgear | rax70 | - | |
| netgear | rax78_firmware | * | |
| netgear | rax78 | - | |
| netgear | xr450_firmware | * | |
| netgear | xr450 | - | |
| netgear | xr500_firmware | * | |
| netgear | xr500 | - | |
| netgear | xr700_firmware | * | |
| netgear | xr700 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBB7728E-4535-4A67-9F8F-3CD4FE29C4A9", versionEndExcluding: "1.0.1.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "110B4669-7AA6-4444-BFEF-9F7DF5C40D0B", versionEndExcluding: "1.0.1.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*", matchCriteriaId: "5341B659-DE7D-43F1-954D-82049CBE18AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rpv2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A7305D0F-6995-411B-BDF6-106102C717AB", versionEndExcluding: "1.0.0.90", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rpv2:-:*:*:*:*:*:*:*", matchCriteriaId: "50BC8FA2-F9D5-4286-97DD-BD2A55EA234D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rpv3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "28C0758E-2793-4342-AEA0-DA7F49C4A38E", versionEndExcluding: "1.0.2.100", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rpv3:-:*:*:*:*:*:*:*", matchCriteriaId: "958243A2-6829-464F-80EA-7DD5B6F0DD7A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "05E6F6DD-5CC6-426B-92F5-34B9A8525810", versionEndExcluding: "2.6.5.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:*", matchCriteriaId: "953F0743-4B34-4CE9-815E-D87253720CBE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8AAD88A5-E90E-4A96-BE01-DF14ADC44881", versionEndExcluding: "2.6.5.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700ax_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C65624DD-9DDF-4167-89D9-8629587082A6", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700ax:-:*:*:*:*:*:*:*", matchCriteriaId: "F9B37178-0C67-4EF0-A9B8-5BB5B9DBFB8F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76FAB8C7-79BA-4592-AF47-198D3EE48DCF", versionEndExcluding: "1.0.2.86", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "13593203-FB80-4BDA-96CC-AAE5C33E560A", versionEndExcluding: "1.0.5.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4D90EEE2-4D7C-46ED-9DF4-C232F30D97ED", versionEndExcluding: "1.0.5.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FB930C5E-4232-4212-AFEB-A4D0904F2B22", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax10:-:*:*:*:*:*:*:*", matchCriteriaId: "1742F1BB-3D78-4E5E-9479-6614A56B4700", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax120v1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E370208B-8A35-4F76-8C79-BD5F1ABECA4D", versionEndExcluding: "1.2.3.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax120v1:-:*:*:*:*:*:*:*", matchCriteriaId: "774148F4-42EA-4F2A-98AB-1511DAB5774A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax120v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "91CED146-E9DC-4F73-A2CF-A6D78F29D0F7", versionEndExcluding: "1.2.3.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax120v2:-:*:*:*:*:*:*:*", matchCriteriaId: "50D741E6-43F9-4BDC-B1A4-281AC73A7C19", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax70_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EE615E08-904D-4DD5-835F-CE48B6D87650", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax70:-:*:*:*:*:*:*:*", matchCriteriaId: "AE1314C3-4950-4F5A-9900-789710CE7F98", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax78_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A4940E3E-2320-4B73-B5DB-DDB7BE410EF0", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax78:-:*:*:*:*:*:*:*", matchCriteriaId: "EABDFEEF-228C-429E-9B80-B6A0CA7D5AA9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1EC1DFC6-B5A7-486B-BD50-BB79B3FF368A", versionEndExcluding: "2.3.2.130", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", matchCriteriaId: "66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E50B1D80-6C4A-488D-8CAC-638DFFE23E6F", versionEndExcluding: "2.3.2.130", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E3539C94-0B31-48FC-A432-3DC3E4E0CBBC", versionEndExcluding: "1.0.1.46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", matchCriteriaId: "E12892C8-5E01-49A6-BF47-09D630377093", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a D7800 versiones anteriores a 1.0.1.66, a EX2700 versiones anteriores a 1.0.1.68, al WN3000RPv2 versiones anteriores a 1.0.0.90, al WN3000RPv3 versiones anteriores a 1.0.2.100, a LBR1020 versiones anteriores a 2.6.5.20, a LBR20 versiones anteriores a 2.6.5.32, a R6700AX versiones anteriores a 1.0.10.110, a R7800 versiones anteriores a 1.0.2.86, a R8900 versiones anteriores a 1. 0.5.38, R9000 versiones anteriores a 1.0.5.38, RAX10 versiones anteriores a 1.0.10.110, RAX120v1 versiones anteriores a 1.2.3.28, RAX120v2 versiones anteriores a 1.2.3.28, RAX70 versiones anteriores a 1.0.10.110, RAX78 versiones anteriores a 1.0.10.110, XR450 versiones anteriores a 2.3.2.130, XR500 versiones anteriores a 2.3.2.130 y XR700 versiones anteriores a 1.0.1.46", }, ], id: "CVE-2021-45602", lastModified: "2024-11-21T06:32:38.330", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 4.2, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-26T01:15:17.803", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-29 19:15
Modified
2024-11-21 06:56
Severity ?
Summary
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AFC79CFE-9036-472C-AB28-FF293BBE1780", versionEndExcluding: "1.0.4.126", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", matchCriteriaId: "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "169E2D0D-7D18-4AF1-8683-346BD1069DC1", versionEndExcluding: "1.0.4.126", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*", matchCriteriaId: "5A09A9E8-8C77-4EDB-9483-B3C540EF083A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E52E9373-C896-405F-9CEC-2E8707B249F5", versionEndExcluding: "1.3.3.148", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", matchCriteriaId: "C41908FF-AE64-4949-80E3-BEE061B2DA8A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5376DD03-0DDD-4B0C-A185-EC226515B32A", versionEndExcluding: "1.0.11.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5D67D8C3-98DA-4B7D-BA7D-AB5F13E627F9", versionEndExcluding: "1.3.3.148", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", matchCriteriaId: "DFE55F4D-E98B-46D3-B870-041141934CD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8EA99A24-E836-40F4-BF61-C4489E3713F0", versionEndExcluding: "1.0.5.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*", matchCriteriaId: "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18", versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*", matchCriteriaId: "091CEDB5-0069-4253-86D8-B9FE17CB9F24", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "72325BC2-C9AC-4B24-865E-662BDF05BD99", versionEndExcluding: "1.0.4.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", matchCriteriaId: "5B39F095-8FE8-43FD-A866-7B613B495984", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "994D00CD-350B-4059-9C51-BF843C72B45E", versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", matchCriteriaId: "F7EF872D-2537-4FEB-8799-499FC9D44339", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C706F152-6163-4276-B608-C4AF196E070F", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*", matchCriteriaId: "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E301ACAC-E217-4329-8A32-83946E61999E", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*", matchCriteriaId: "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F8028906-D5AB-4CE6-8431-844E6F98B9AD", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*", matchCriteriaId: "06B5A85C-3588-4263-B9AD-4E56D3F6CB16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3BC7E8C9-62BD-45E2-8A7A-D29A6150622A", versionEndExcluding: "1.5.1.86", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*", matchCriteriaId: "2700644E-0940-4D05-B3CA-904D91739E58", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C1671BC-AB3B-493F-81F6-C38D1489BF9C", versionEndExcluding: "2.5.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "03942539-865D-4920-8C59-D211C6A5E97C", versionEndExcluding: "2.7.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:*", matchCriteriaId: "953F0743-4B34-4CE9-815E-D87253720CBE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "22C90106-692A-4574-907A-86B7BA743AEF", versionEndExcluding: "2.7.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6AC9F546-DE9F-4B4F-B6C0-166A109FC4F6", versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", matchCriteriaId: "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0583B690-ABA5-4E18-AE1F-2ADA800B2AF3", versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "008227D9-B549-48EB-BEE5-492461CD3654", versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "A9E20E59-2B1E-4E43-A494-2C20FD716D4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0789B88D-574A-4FF7-A579-6FD0DF5CCA1F", versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C119E51F-AC11-48F9-85AA-29255E64F8DC", versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", matchCriteriaId: "32BAB5C0-F645-4A90-833F-6345335FA1AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35792D02-E5E4-41D1-9AB8-C595015A6608", versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8ED42A4B-C04A-431D-8CE5-F219BFC1FA39", versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "26315AA3-35C7-415F-B12E-D0081DCA5A52", versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.", }, ], id: "CVE-2022-27644", lastModified: "2024-11-21T06:56:05.187", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 3.4, source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-29T19:15:08.563", references: [ { source: "zdi-disclosures@trendmicro.com", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324", }, { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-520/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-520/", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "zdi-disclosures@trendmicro.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-29 19:15
Modified
2024-11-21 06:56
Severity ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AFC79CFE-9036-472C-AB28-FF293BBE1780", versionEndExcluding: "1.0.4.126", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", matchCriteriaId: "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "169E2D0D-7D18-4AF1-8683-346BD1069DC1", versionEndExcluding: "1.0.4.126", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*", matchCriteriaId: "5A09A9E8-8C77-4EDB-9483-B3C540EF083A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E52E9373-C896-405F-9CEC-2E8707B249F5", versionEndExcluding: "1.3.3.148", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", matchCriteriaId: "C41908FF-AE64-4949-80E3-BEE061B2DA8A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5376DD03-0DDD-4B0C-A185-EC226515B32A", versionEndExcluding: "1.0.11.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5D67D8C3-98DA-4B7D-BA7D-AB5F13E627F9", versionEndExcluding: "1.3.3.148", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", matchCriteriaId: "DFE55F4D-E98B-46D3-B870-041141934CD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8EA99A24-E836-40F4-BF61-C4489E3713F0", versionEndExcluding: "1.0.5.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*", matchCriteriaId: "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18", versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*", matchCriteriaId: "091CEDB5-0069-4253-86D8-B9FE17CB9F24", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "72325BC2-C9AC-4B24-865E-662BDF05BD99", versionEndExcluding: "1.0.4.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", matchCriteriaId: "5B39F095-8FE8-43FD-A866-7B613B495984", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "994D00CD-350B-4059-9C51-BF843C72B45E", versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", matchCriteriaId: "F7EF872D-2537-4FEB-8799-499FC9D44339", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C706F152-6163-4276-B608-C4AF196E070F", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*", matchCriteriaId: "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E301ACAC-E217-4329-8A32-83946E61999E", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*", matchCriteriaId: "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F8028906-D5AB-4CE6-8431-844E6F98B9AD", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*", matchCriteriaId: "06B5A85C-3588-4263-B9AD-4E56D3F6CB16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3BC7E8C9-62BD-45E2-8A7A-D29A6150622A", versionEndExcluding: "1.5.1.86", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*", matchCriteriaId: "2700644E-0940-4D05-B3CA-904D91739E58", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C1671BC-AB3B-493F-81F6-C38D1489BF9C", versionEndExcluding: "2.5.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "03942539-865D-4920-8C59-D211C6A5E97C", versionEndExcluding: "2.7.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:*", matchCriteriaId: "953F0743-4B34-4CE9-815E-D87253720CBE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "22C90106-692A-4574-907A-86B7BA743AEF", versionEndExcluding: "2.7.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6AC9F546-DE9F-4B4F-B6C0-166A109FC4F6", versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", matchCriteriaId: "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0583B690-ABA5-4E18-AE1F-2ADA800B2AF3", versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "008227D9-B549-48EB-BEE5-492461CD3654", versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "A9E20E59-2B1E-4E43-A494-2C20FD716D4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0789B88D-574A-4FF7-A579-6FD0DF5CCA1F", versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C119E51F-AC11-48F9-85AA-29255E64F8DC", versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", matchCriteriaId: "32BAB5C0-F645-4A90-833F-6345335FA1AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35792D02-E5E4-41D1-9AB8-C595015A6608", versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8ED42A4B-C04A-431D-8CE5-F219BFC1FA39", versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "26315AA3-35C7-415F-B12E-D0081DCA5A52", versionEndExcluding: "2.7.4.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.", }, ], id: "CVE-2022-27646", lastModified: "2024-11-21T06:56:05.500", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-29T19:15:08.707", references: [ { source: "zdi-disclosures@trendmicro.com", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324", }, { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-523/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-523/", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "zdi-disclosures@trendmicro.com", type: "Primary", }, ], }