Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects DC112A before 1.0.0.52, R6400 before 1.0.1.68, RAX200 before 1.0.3.106, WNDR3400v3 before 1.0.1.38, XR300 before 1.0.3.68, R8500 before 1.0.2.144, RAX75 before 1.0.3.106, R8300 before 1.0.2.144, and RAX80 before 1.0.3.106.
References
Link | Resource |
---|---|
https://kb.netgear.com/000064488/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0323 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
History
07 Jan 2022, 21:18
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:wndr3400v3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:wndr3400v3:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:dc112a_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CWE | CWE-120 | |
References | (MISC) https://kb.netgear.com/000064488/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0323 - Patch, Vendor Advisory | |
First Time |
Netgear r8500
Netgear r6400 Firmware Netgear r8500 Firmware Netgear dc112a Netgear r8300 Firmware Netgear rax80 Netgear xr300 Netgear wndr3400v3 Firmware Netgear rax75 Netgear Netgear rax80 Firmware Netgear dc112a Firmware Netgear xr300 Firmware Netgear rax200 Firmware Netgear rax75 Firmware Netgear r6400 Netgear r8300 Netgear rax200 Netgear wndr3400v3 |
26 Dec 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-26 01:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-45611
Mitre link : CVE-2021-45611
CVE.ORG link : CVE-2021-45611
JSON object : View
Products Affected
netgear
- rax80_firmware
- r8500
- rax75_firmware
- rax80
- r8300_firmware
- r6400_firmware
- xr300
- r8500_firmware
- xr300_firmware
- rax75
- wndr3400v3
- wndr3400v3_firmware
- r8300
- r6400
- dc112a_firmware
- rax200_firmware
- rax200
- dc112a
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')