⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2021-45511: Improper Authentication in Netgear AC2100 Firmware

Severity
9.8 CRITICAL (NVD)
CNA: 6.8 | VulnCheck: 6.8
EPSS
48.0% (top 2.27%)
CISA KEV
Not in KEV
Exploit
Exploited in wild (active exploitation observed)
Timeline
Published: Dec 26
Latest update: Dec 27

Description

Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before 2021-08-27, R6330 before 2021-08-27, R6350 before 2021-08-27, R6700v2 before 2021-08-27, R6800 before 2021-08-27, R6850 before 2021-08-27, R6900v2 before 2021-08-27, R7200 before 2021-08-27, R7350 before 2021-08-27, R7400 before 2021-08-27, and R7450 before

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (17 packages)

NVD: netgear/d7000_firmware < 1.0.1.80
NVD: netgear/r6220_firmware < 1.1.0.110
NVD: netgear/r6230_firmware < 1.1.0.110
NVD: netgear/r6260_firmware < 1.1.0.84
NVD: netgear/r6330_firmware < 1.1.0.84

Patches

Vulnerability Details (3)

GHSA: GHSA-wr8v-6jgr-244v: Certain NETGEAR devices are affected by authentication bypass (2021-12-27)
CVEList: CVE-2021-45511: Certain NETGEAR devices are affected by authentication bypass (2021-12-26)
VulnCheck: Netgear D7000 and Other Routers Authentication Bypass Vulnerability (2021)