PT-2021-5881 · NetGear · Xr700+17

Kevin Breen · Published 2021-09-02 · Updated 2022-01-06 · CVE-2021-45603

CVSS v3.1: 6.1 (Medium)

Vector: AC:L/AV:L/A:L/C:H/I:N/PR:L/S:U/UI:N

Name of the Vulnerable Software and Affected Versions

NETGEAR D7800 versions prior to 1.0.1.66
NETGEAR EX2700 versions prior to 1.0.1.68
NETGEAR WN3000RPv2 versions prior to 1.0.0.90
NETGEAR WN3000RPv3 versions prior to 1.0.2.100
NETGEAR LBR1020 versions prior to 2.6.5.20
NETGEAR LBR20 versions prior to 2.6.5.32
NETGEAR R6700AX versions prior to 1.0.10.110
NETGEAR R7800 versions prior to 1.0.2.86
NETGEAR R8900 versions prior to 1.0.5.38
NETGEAR R9000 versions prior to 1.0.5.38
NETGEAR RAX10 versions prior to 1.0.10.110
NETGEAR RAX120v1 versions prior to 1.2.3.28
NETGEAR RAX120v2 versions prior to 1.2.3.28
NETGEAR RAX70 versions prior to 1.0.10.110
NETGEAR RAX78 versions prior to 1.0.10.110
NETGEAR XR450 versions prior to 2.3.2.130
NETGEAR XR500 versions prior to 2.3.2.130
NETGEAR XR700 versions prior to 1.0.1.46

Description

Certain NETGEAR devices disclose sensitive information. A UPnP request can reveal a device's serial number, which can then be used for a password reset. The cause is insufficient protection of service data, which allows an attacker to gain unauthorized access to protected information or execute arbitrary commands.

Recommendations

NETGEAR D7800: update to version 1.0.1.66 or later.
NETGEAR EX2700: update to version 1.0.1.68 or later.
NETGEAR WN3000RPv2: update to version 1.0.0.90 or later.
NETGEAR WN3000RPv3: update to version 1.0.2.100 or later.
NETGEAR LBR1020: update to version 2.6.5.20 or later.
NETGEAR LBR20: update to version 2.6.5.32 or later.
NETGEAR R6700AX: update to version 1.0.10.110 or later.
NETGEAR R7800: update to version 1.0.2.86 or later.
NETGEAR R8900: update to version 1.0.5.38 or later.
NETGEAR R9000: update to version 1.0.5.38 or later.
NETGEAR RAX10: update to version 1.0.10.110 or later.
NETGEAR RAX120v1: update to version 1.2.3.28 or later.
NETGEAR RAX120v2: update to version 1.2.3.28 or later.
NETGEAR RAX70: update to version 1.0.10.110 or later.
NETGEAR RAX78: update to version 1.0.10.110 or later.
NETGEAR XR450: update to version 2.3.2.130 or later.
NETGEAR XR500: update to version 2.3.2.130 or later.
NETGEAR XR700: update to version 1.0.1.46 or later.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2022-00396
CVE-2021-45603

Affected Products

D7800
Ex2700
Lbr1020
Lbr20
R6700Ax
R7800
R8900
R9000
Rax10
Rax120V1
Rax120V2
Rax70
Rax78
Wn3000Rpv2
Wn3000Rpv3
Xr450
Xr500
Xr700