PT-2021-5914 · NetGear · Netgear R7000+8

Published 2021-12-21 · Updated 2022-01-07 · CVE-2021-45609

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NETGEAR D8500 versions prior to 1.0.3.58
NETGEAR R6250 versions prior to 1.0.4.48
NETGEAR R7000 versions prior to 1.0.11.116
NETGEAR R7100LG versions prior to 1.0.0.64
NETGEAR R7900 versions prior to 1.0.4.38
NETGEAR R8300 versions prior to 1.0.2.144
NETGEAR R8500 versions prior to 1.0.2.144
NETGEAR XR300 versions prior to 1.0.3.68
NETGEAR R7000P versions prior to 1.3.2.132
NETGEAR R6900P versions prior to 1.3.2.132

Description

The issue is related to a buffer overflow due to the lack of input size validation. This can be exploited by a remote attacker to execute arbitrary code or cause a denial of service.

Recommendations

For NETGEAR D8500, update to version 1.0.3.58 or later.
For NETGEAR R6250, update to version 1.0.4.48 or later.
For NETGEAR R7000, update to version 1.0.11.116 or later.
For NETGEAR R7100LG, update to version 1.0.0.64 or later.
For NETGEAR R7900, update to version 1.0.4.38 or later.
For NETGEAR R8300, update to version 1.0.2.144 or later.
For NETGEAR R8500, update to version 1.0.2.144 or later.
For NETGEAR XR300, update to version 1.0.3.68 or later.
For NETGEAR R7000P, update to version 1.3.2.132 or later.
For NETGEAR R6900P, update to version 1.3.2.132 or later.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2022-00429
CVE-2021-45609

Affected Products

Netgear R8500
Netgear R6250
Netgear R6900P
Netgear R7000
Netgear R7000P
Netgear R7100LG
Netgear R7900
Netgear R8300
Netgear XR300