CVE-2021-45604

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

4.5MEDIUM

EPSS

0.1%

top 75.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Cbr750 Firmware Netgear D6220 Firmware Netgear D6400 Firmware +35 more

Timeline

PublishedDec 26

Latest updateDec 27

Description

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D6400 before 1.0.0.102, D8500 before 1.0.3.60, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 b…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.9 | Impact: 3.6

Affected Packages38 packages

▶NVDnetgear/r7000p_firmware< 1.3.3.140

▶NVDnetgear/r7900p_firmware< 1.4.2.84

▶NVDnetgear/r8000p_firmware< 1.4.2.84

▶NVDnetgear/rax200_firmware< 1.0.4.120

▶NVDnetgear/mk62_firmware< 1.0.6.116

Patches

Patch: kb.netgear.com ↗Patch: kb.netgear.com ↗

🔴Vulnerability Details

GHSA

GHSA-cxv8-ggg4-fhvm: Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user↗2021-12-27

▶

CVEList

CVE-2021-45604: Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user↗2021-12-26

▶