CVE-2021-45512Use of a Broken or Risky Cryptographic Algorithm in Netgear D7000 Firmware

CWE-327Use of a Broken or Risky Cryptographic AlgorithmCWE-326Inadequate Encryption Strength3 documents3 sources
Severity
9.8CRITICALNVD
CNA8.6
EPSS
0.2%
top 63.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
21
Netgear D7000 FirmwareNetgear D8500 FirmwareNetgear Ex3700 Firmware+18 more
Timeline
PublishedDec 26
Latest updateDec 27

Description

Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX7000 before 1.0.1.90, R6250 before 1.0.4.42, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6900P before 1.3.2.124, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7900 before 1.0.4.26, R8000 before 1.0.4.58, R8300 before 1.0.2.134, R8500 before 1.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages21 packages

NVDnetgear/r7000p_firmware< 1.3.2.124
NVDnetgear/d8500_firmware< 1.0.3.50
NVDnetgear/r6250_firmware< 1.0.4.42
NVDnetgear/r7000_firmware< 1.0.11.106
NVDnetgear/r7900_firmware< 1.0.4.26

🔴Vulnerability Details

2
GHSA
GHSA-59h7-2c4x-36qm: Certain NETGEAR devices are affected by weak cryptography2021-12-27
CVEList
CVE-2021-45512: Certain NETGEAR devices are affected by weak cryptography2021-12-26
CVE-2021-45512 — Netgear D7000 Firmware vulnerability | cvebase