CVE-2021-38516

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.5%

top 32.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Ac2100 Firmware Netgear Ac2400 Firmware Netgear Ac2600 Firmware +56 more

Timeline

PublishedAug 11

Latest updateMay 24

Description

Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 before 1.0.0.108, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, R6020 before 1.0.0.34, R6…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages59 packages

▶NVDnetgear/r7000p_firmware< 1.3.1.44

▶NVDnetgear/r7900p_firmware< 1.4.1.30

▶NVDnetgear/r8000p_firmware< 1.4.1.30

▶NVDnetgear/d6220_firmware< 1.0.0.48

▶NVDnetgear/d6400_firmware< 1.0.0.82

🔴Vulnerability Details

GHSA

GHSA-73gm-85xf-8699: Certain NETGEAR devices are affected by lack of access control at the function level↗2022-05-24

▶

CVEList

CVE-2021-38516: Certain NETGEAR devices are affected by lack of access control at the function level↗2021-08-11

▶