PT-2021-5931 · NetGear · Netgear R7000+6

Published

2021-09-25

·

Updated

2022-01-05

·

CVE-2021-45516

CVSS v3.1

6.9

Medium

VectorAC:L/AV:A/A:H/C:N/I:L/PR:H/S:C/UI:N
Name of the Vulnerable Software and Affected Versions NETGEAR R6400 versions prior to 1.0.1.70 NETGEAR R7000 versions prior to 1.0.11.126 NETGEAR R6900P versions prior to 1.3.3.140 NETGEAR R7000P versions prior to 1.3.3.140 NETGEAR R8000 versions prior to 1.0.4.74 NETGEAR RBK852 versions prior to 3.2.10.11 NETGEAR RBR850 versions prior to 3.2.10.11 NETGEAR RBS850 versions prior to 3.2.10.11
Description The issue is related to a denial of service that affects certain NETGEAR devices. It is caused by incorrect resource release, which can be exploited by a remote attacker to cause a denial of service.
Recommendations For NETGEAR R6400 version prior to 1.0.1.70, update to version 1.0.1.70 or later. For NETGEAR R7000 version prior to 1.0.11.126, update to version 1.0.11.126 or later. For NETGEAR R6900P version prior to 1.3.3.140, update to version 1.3.3.140 or later. For NETGEAR R7000P version prior to 1.3.3.140, update to version 1.3.3.140 or later. For NETGEAR R8000 version prior to 1.0.4.74, update to version 1.0.4.74 or later. For NETGEAR RBK852 version prior to 3.2.10.11, update to version 3.2.10.11 or later. For NETGEAR RBR850 version prior to 3.2.10.11, update to version 3.2.10.11 or later. For NETGEAR RBS850 version prior to 3.2.10.11, update to version 3.2.10.11 or later.

Fix

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

BDU:2022-00446
CVE-2021-45516

Affected Products

Netgear R6400
Netgear R6900P
Netgear R7000
Netgear R7000P
Netgear R8000
Netgear Rbk852
Netgear Rbr850