CVE-2021-45638

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.68, D6400 before 1.0.0.102, D7000v2 before 1.0.0.74, D8500 before 1.0.3.60, DC112A before 1.0.0.56, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R7000 before 1.0.11.116, R7100LG before 1.0.0.70, RBS40V before 2.6.2.8, RBW30 before 2.6.2.2, RS400 before 1.5.1.80, R7000P before 1.3.2.132, and R6900P before 1.3.2.132.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:d7000v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d7000v2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netgear:dc112a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netgear:r6300v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6300v2:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:netgear:rbs40v_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs40v:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:netgear:rbw30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbw30:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*

History

10 Jan 2022, 20:17

Type Values Removed Values Added
First Time Netgear r6400 Firmware
Netgear d6400
Netgear dc112a
Netgear r6900p Firmware
Netgear r6900p
Netgear r7000p Firmware
Netgear rbw30 Firmware
Netgear d6220
Netgear d8500 Firmware
Netgear
Netgear r7000
Netgear d7000v2
Netgear rs400 Firmware
Netgear r7100lg
Netgear d8500
Netgear r6300v2 Firmware
Netgear dc112a Firmware
Netgear d6220 Firmware
Netgear rs400
Netgear r6300v2
Netgear r7100lg Firmware
Netgear rbw30
Netgear d7000v2 Firmware
Netgear r6400
Netgear rbs40v Firmware
Netgear r7000 Firmware
Netgear r7000p
Netgear rbs40v
Netgear d6400 Firmware
References (MISC) https://kb.netgear.com/000064496/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-PSV-2020-0464 - (MISC) https://kb.netgear.com/000064496/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-PSV-2020-0464 - Patch, Vendor Advisory
CPE cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:d7000v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:dc112a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbs40v_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs40v:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbw30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6300v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d7000v2:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6300v2:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbw30:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
CWE CWE-787

26 Dec 2021, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-12-26 01:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-45638

Mitre link : CVE-2021-45638

CVE.ORG link : CVE-2021-45638


JSON object : View

Products Affected

netgear

  • d8500_firmware
  • r6300v2
  • d6400_firmware
  • r6900p_firmware
  • d6220_firmware
  • dc112a_firmware
  • d8500
  • r7000p_firmware
  • d6400
  • r7000p
  • rbs40v_firmware
  • r6900p
  • d6220
  • rbs40v
  • r6400_firmware
  • rbw30_firmware
  • d7000v2_firmware
  • d7000v2
  • rs400
  • dc112a
  • rbw30
  • r6300v2_firmware
  • r7000_firmware
  • rs400_firmware
  • r7000
  • r6400
  • r7100lg
  • r7100lg_firmware
CWE
CWE-787

Out-of-bounds Write