CVE-2021-45608
published 2021-12-26CVE-2021-45608: Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Remote code…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Remote code execution from the WAN interface (TCP port 20005) cannot be ruled out; however, exploitability was judged to be of "rather significant complexity" but not "impossible." The overflow is in SoftwareBus_dispatchNormalEPMsgOut in the KCodes NetUSB kernel module. Affected NETGEAR devices are D7800 before 1.0.1.68, R6400v2 before 1.0.4.122, and R6700v3 before 1.0.4.122.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netgear | d7800_firmware | < 1.0.1.68 | 1.0.1.68 |
| netgear | r6400v2_firmware | < 1.0.4.122 | 1.0.4.122 |
| netgear | r6700v3_firmware | < 1.0.4.122 | 1.0.4.122 |