CVE-2021-45603

CWE-200 — Information Exposure3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 88.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear D7800 Firmware Netgear Ex2700 Firmware Netgear Lbr1020 Firmware +15 more

Timeline

PublishedDec 26

Latest updateDec 27

Description

Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:LExploitability: 1.8 | Impact: 4.2

Affected Packages18 packages

▶NVDnetgear/d7800_firmware< 1.0.1.66

▶NVDnetgear/lbr20_firmware< 2.6.5.32

▶NVDnetgear/r7800_firmware< 1.0.2.86

▶NVDnetgear/r8900_firmware< 1.0.5.38

▶NVDnetgear/r9000_firmware< 1.0.5.38

Patches

Patch: kb.netgear.com ↗Patch: kb.netgear.com ↗

🔴Vulnerability Details

GHSA

GHSA-qx9q-hrrj-rj5g: Certain NETGEAR devices are affected by disclosure of sensitive information↗2021-12-27

▶

CVEList

CVE-2021-45603: Certain NETGEAR devices are affected by disclosure of sensitive information↗2021-12-26

▶