PT-2021-5851 · NetGear · Ex6120+20

Published

2021-09-26

·

Updated

2023-08-08

·

CVE-2021-45512

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions NETGEAR D7000v2 versions prior to 1.0.0.62 NETGEAR D8500 versions prior to 1.0.3.50 NETGEAR EX3700 versions prior to 1.0.0.84 NETGEAR EX3800 versions prior to 1.0.0.84 NETGEAR EX6120 versions prior to 1.0.0.54 NETGEAR EX6130 versions prior to 1.0.0.36 NETGEAR EX7000 versions prior to 1.0.1.90 NETGEAR R6250 versions prior to 1.0.4.42 NETGEAR R6400v2 versions prior to 1.0.4.98 NETGEAR R6700v3 versions prior to 1.0.4.98 NETGEAR R6900P versions prior to 1.3.2.124 NETGEAR R7000 versions prior to 1.0.11.106 NETGEAR R7000P versions prior to 1.3.2.124 NETGEAR R7100LG versions prior to 1.0.0.56 NETGEAR R7900 versions prior to 1.0.4.26 NETGEAR R8000 versions prior to 1.0.4.58 NETGEAR R8300 versions prior to 1.0.2.134 NETGEAR R8500 versions prior to 1.0.2.134 NETGEAR RS400 versions prior to 1.5.0.48 NETGEAR WNR3500Lv2 versions prior to 1.2.0.62 NETGEAR XR300 versions prior to 1.0.3.50
Description The issue is related to weak cryptography in certain NETGEAR devices, which can allow a remote attacker to gain unauthorized access to protected information due to errors in traffic decryption.
Recommendations Update D7000v2 to version 1.0.0.62 or later Update D8500 to version 1.0.3.50 or later Update EX3700 to version 1.0.0.84 or later Update EX3800 to version 1.0.0.84 or later Update EX6120 to version 1.0.0.54 or later Update EX6130 to version 1.0.0.36 or later Update EX7000 to version 1.0.1.90 or later Update R6250 to version 1.0.4.42 or later Update R6400v2 to version 1.0.4.98 or later Update R6700v3 to version 1.0.4.98 or later Update R6900P to version 1.3.2.124 or later Update R7000 to version 1.0.11.106 or later Update R7000P to version 1.3.2.124 or later Update R7100LG to version 1.0.0.56 or later Update R7900 to version 1.0.4.26 or later Update R8000 to version 1.0.4.58 or later Update R8300 to version 1.0.2.134 or later Update R8500 to version 1.0.2.134 or later Update RS400 to version 1.5.0.48 or later Update WNR3500Lv2 to version 1.2.0.62 or later Update XR300 to version 1.0.3.50 or later

Fix

Use of a Broken Cryptographic Algorithm

Inadequate Encryption Strength

Weakness Enumeration

CWE-327CWE-326

Related Identifiers

BDU:2022-00366
CVE-2021-45512

Affected Products

D7000V2
D8500
Ex3700
Ex3800
Ex6120
Ex6130
Ex7000
R6250
R6400V2
R6700V3
R6900P
R7000
R7000P
R7100Lg
R7900
R8000
R8300
R8500
Rs400
Wnr3500Lv2
Xr300