CVE-2021-45611

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.3%

top 43.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Dc112a Firmware Netgear R6400 Firmware Netgear R8300 Firmware +6 more

Timeline

PublishedDec 26

Latest updateDec 27

Description

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects DC112A before 1.0.0.52, R6400 before 1.0.1.68, RAX200 before 1.0.3.106, WNDR3400v3 before 1.0.1.38, XR300 before 1.0.3.68, R8500 before 1.0.2.144, RAX75 before 1.0.3.106, R8300 before 1.0.2.144, and RAX80 before 1.0.3.106.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages9 packages

▶NVDnetgear/r6400_firmware< 1.0.1.68

▶NVDnetgear/r8300_firmware< 1.0.2.144

▶NVDnetgear/r8500_firmware< 1.0.2.144

▶NVDnetgear/rax75_firmware< 1.0.3.106

▶NVDnetgear/rax80_firmware< 1.0.3.106

Patches

Patch: kb.netgear.com ↗Patch: kb.netgear.com ↗

🔴Vulnerability Details

GHSA

GHSA-5m6r-6p2x-4hr9: Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker↗2021-12-27

▶

CVEList

CVE-2021-45611: Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker↗2021-12-26

▶