PT-2021-5912 · NetGear · Netgear R7450+15

Published

2021-09-26

·

Updated

2022-01-10

·

CVE-2021-45644

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions NETGEAR AC2100 versions prior to 1.2.0.88 NETGEAR AC2400 versions prior to 1.2.0.88 NETGEAR AC2600 versions prior to 1.2.0.88 NETGEAR R6220 versions prior to 1.1.0.110 NETGEAR R6230 versions prior to 1.1.0.110 NETGEAR R6260 versions prior to 1.1.0.84 NETGEAR R6330 versions prior to 1.1.0.84 NETGEAR R6350 versions prior to 1.1.0.84 NETGEAR R6700v2 versions prior to 1.2.0.88 NETGEAR R6800 versions prior to 1.2.0.88 NETGEAR R6850 versions prior to 1.1.0.84 NETGEAR R6900v2 versions prior to 1.2.0.88 NETGEAR R7200 versions prior to 1.2.0.88 NETGEAR R7350 versions prior to 1.2.0.88 NETGEAR R7400 versions prior to 1.2.0.88 NETGEAR R7450 versions prior to 1.2.0.88
Description The issue is related to the incorrect configuration of security settings in certain NETGEAR devices, which may allow a remote attacker to cause a denial of service or execute arbitrary code due to insufficient protection of service data.
Recommendations For NETGEAR AC2100 versions prior to 1.2.0.88, update to version 1.2.0.88 or later. For NETGEAR AC2400 versions prior to 1.2.0.88, update to version 1.2.0.88 or later. For NETGEAR AC2600 versions prior to 1.2.0.88, update to version 1.2.0.88 or later. For NETGEAR R6220 versions prior to 1.1.0.110, update to version 1.1.0.110 or later. For NETGEAR R6230 versions prior to 1.1.0.110, update to version 1.1.0.110 or later. For NETGEAR R6260 versions prior to 1.1.0.84, update to version 1.1.0.84 or later. For NETGEAR R6330 versions prior to 1.1.0.84, update to version 1.1.0.84 or later. For NETGEAR R6350 versions prior to 1.1.0.84, update to version 1.1.0.84 or later. For NETGEAR R6700v2 versions prior to 1.2.0.88, update to version 1.2.0.88 or later. For NETGEAR R6800 versions prior to 1.2.0.88, update to version 1.2.0.88 or later. For NETGEAR R6850 versions prior to 1.1.0.84, update to version 1.1.0.84 or later. For NETGEAR R6900v2 versions prior to 1.2.0.88, update to version 1.2.0.88 or later. For NETGEAR R7200 versions prior to 1.2.0.88, update to version 1.2.0.88 or later. For NETGEAR R7350 versions prior to 1.2.0.88, update to version 1.2.0.88 or later. For NETGEAR R7400 versions prior to 1.2.0.88, update to version 1.2.0.88 or later. For NETGEAR R7450 versions prior to 1.2.0.88, update to version 1.2.0.88 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2022-00427
CVE-2021-45644

Affected Products

Netgear Ac2100
Netgear Ac2400
Netgear Ac2600
Netgear R6220
Netgear R6230
Netgear R6260
Netgear R6330
Netgear R6350
Netgear R6700V2
Netgear R6800
Netgear R6850
Netgear R6900V2
Netgear R7200
Netgear R7350
Netgear R7400
Netgear R7450