CVE-2021-45603

{"id": "CVE-2021-45603", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 1.8}]}, "published": "2021-12-26T01:15:17.853", "references": [{"url": "https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46."}, {"lang": "es", "value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una divulgaci\u00f3n de informaci\u00f3n confidencial. Una petici\u00f3n UPnP revela el n\u00famero de serie de un dispositivo, que puede ser usado para restablecer la contrase\u00f1a. Esto afecta a D7800 versiones anteriores a 1.0.1.66, a EX2700 versiones anteriores a 1.0.1.68, al WN3000RPv2 versiones anteriores a 1.0.0.90, al WN3000RPv3 versiones anteriores a 1.0.2.100, a LBR1020 versiones anteriores a 2.6.5.20, a LBR20 versiones anteriores a 2.6.5.32, a R6700AX versiones anteriores a 1.0.10.110, a R7800 versiones anteriores a 1.0.2.86, a R8900 versiones anteriores a 1. 0.5.38, R9000 versiones anteriores a 1.0.5.38, RAX10 versiones anteriores a 1.0.10.110, RAX120v1 versiones anteriores a 1.2.3.28, RAX120v2 versiones anteriores a 1.2.3.28, RAX70 versiones anteriores a 1.0.10.110, RAX78 versiones anteriores a 1.0.10.110, XR450 versiones anteriores a 2.3.2.130, XR500 versiones anteriores a 2.3.2.130 y XR700 versiones anteriores a 1.0.1.46"}], "lastModified": "2022-01-06T18:54:44.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBB7728E-4535-4A67-9F8F-3CD4FE29C4A9", "versionEndExcluding": "1.0.1.66"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DA2D4987-3726-4A72-8D32-592F59FAC46D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "110B4669-7AA6-4444-BFEF-9F7DF5C40D0B", "versionEndExcluding": "1.0.1.68"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5341B659-DE7D-43F1-954D-82049CBE18AD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wn3000rpv2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7305D0F-6995-411B-BDF6-106102C717AB", "versionEndExcluding": "1.0.0.90"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wn3000rpv2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "50BC8FA2-F9D5-4286-97DD-BD2A55EA234D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wn3000rpv3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28C0758E-2793-4342-AEA0-DA7F49C4A38E", "versionEndExcluding": "1.0.2.100"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wn3000rpv3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "958243A2-6829-464F-80EA-7DD5B6F0DD7A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05E6F6DD-5CC6-426B-92F5-34B9A8525810", "versionEndExcluding": "2.6.5.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "953F0743-4B34-4CE9-815E-D87253720CBE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AAD88A5-E90E-4A96-BE01-DF14ADC44881", "versionEndExcluding": "2.6.5.32"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6700ax_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C65624DD-9DDF-4167-89D9-8629587082A6", "versionEndExcluding": "1.0.10.110"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6700ax:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F9B37178-0C67-4EF0-A9B8-5BB5B9DBFB8F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76FAB8C7-79BA-4592-AF47-198D3EE48DCF", "versionEndExcluding": "1.0.2.86"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "17CF7445-6950-45FE-9D1A-E23F63316329"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13593203-FB80-4BDA-96CC-AAE5C33E560A", "versionEndExcluding": "1.0.5.38"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0F859165-8D89-4CDD-9D48-9C7923D2261F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D90EEE2-4D7C-46ED-9DF4-C232F30D97ED", "versionEndExcluding": "1.0.5.38"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax10_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB930C5E-4232-4212-AFEB-A4D0904F2B22", "versionEndExcluding": "1.0.10.110"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1742F1BB-3D78-4E5E-9479-6614A56B4700"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax120v1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E370208B-8A35-4F76-8C79-BD5F1ABECA4D", "versionEndExcluding": "1.2.3.28"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax120v1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "774148F4-42EA-4F2A-98AB-1511DAB5774A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax120v2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91CED146-E9DC-4F73-A2CF-A6D78F29D0F7", "versionEndExcluding": "1.2.3.28"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax120v2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "50D741E6-43F9-4BDC-B1A4-281AC73A7C19"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax70_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE615E08-904D-4DD5-835F-CE48B6D87650", "versionEndExcluding": "1.0.10.110"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax70:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AE1314C3-4950-4F5A-9900-789710CE7F98"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax78_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4940E3E-2320-4B73-B5DB-DDB7BE410EF0", "versionEndExcluding": "1.0.10.110"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax78:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EABDFEEF-228C-429E-9B80-B6A0CA7D5AA9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EC1DFC6-B5A7-486B-BD50-BB79B3FF368A", "versionEndExcluding": "2.3.2.130"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E50B1D80-6C4A-488D-8CAC-638DFFE23E6F", "versionEndExcluding": "2.3.2.130"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3539C94-0B31-48FC-A432-3DC3E4E0CBBC", "versionEndExcluding": "1.0.1.46"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E12892C8-5E01-49A6-BF47-09D630377093"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}