PT-2021-5725 · NetGear · Netgear Rbk352+1
Published
2021-09-26
·
Updated
2023-08-08
·
CVE-2021-45494
CVSS v3.1
8.4
High
| Vector | AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N |
Name of the Vulnerable Software and Affected Versions
NETGEAR RBK352 versions prior to 4.4.0.10
NETGEAR RBR350 versions prior to 4.4.0.10
NETGEAR RBS350 versions prior to 4.4.0.10
Description
The issue allows an attacker to read arbitrary files, potentially leading to unauthorized access to protected information. This is related to the disclosure of a resource to an erroneous area, which can be exploited by a remote attacker.
Recommendations
For NETGEAR RBK352 versions prior to 4.4.0.10, update to version 4.4.0.10 or later.
For NETGEAR RBR350 versions prior to 4.4.0.10, update to version 4.4.0.10 or later.
For NETGEAR RBS350 versions prior to 4.4.0.10, update to version 4.4.0.10 or later.
Fix
Exposure of Resource to Wrong Sphere
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netgear Rbk352
Netgear Rbr350