CVE-2021-45530: Classic Buffer Overflow in Netgear R7000 Firmware

Severity
8.8 HIGH (NVD)
CNA: 4.5
EPSS: 0.5% (top 32.08%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 26
Latest update: Dec 27

Description

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R7000 before 1.0.11.126, R7960P before 1.4.2.84, R8000 before 1.0.4.74, RAX200 before 1.0.4.120, R8000P before 1.4.2.84, RAX20 before 1.0.2.82, RAX45 before 1.0.2.82, RAX80 before 1.0.4.120, R7900P before 1.4.2.84, RAX15 before 1.0.2.82, RAX50 before 1.0.2.82, and RAX75 before 1.0.4.120.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (12 packages)

NVD: netgear/r8000p_firmware < 1.4.2.84
NVD: netgear/rax200_firmware < 1.0.4.120
NVD: netgear/r7000_firmware < 1.0.11.126
NVD: netgear/r8000_firmware < 1.0.4.74
NVD: netgear/rax15_firmware < 1.0.2.82

Patches

Vulnerability Details (2)

GHSA: GHSA-c22f-2mc2-g4mc: Certain NETGEAR devices are affected by a buffer overflow by an authenticated user (2021-12-27)
CVEList: CVE-2021-45530: Certain NETGEAR devices are affected by a buffer overflow by an authenticated user (2021-12-26)