PT-2021-6236 · NetGear · Netgear R7450+7

Published

2021-09-25

·

Updated

2022-01-07

·

CVE-2021-45637

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions NETGEAR R6260 versions prior to 1.1.0.76 NETGEAR R6800 versions prior to 1.2.0.62 NETGEAR R6700v2 versions prior to 1.2.0.62 NETGEAR R6900v2 versions prior to 1.2.0.62 NETGEAR R7450 versions prior to 1.2.0.62 NETGEAR AC2100 versions prior to 1.2.0.62 NETGEAR AC2400 versions prior to 1.2.0.62 NETGEAR AC2600 versions prior to 1.2.0.62
Description The issue is caused by a stack-based buffer overflow. This can be exploited by an unauthenticated attacker, allowing them to impact the confidentiality, integrity, and availability of protected information.
Recommendations For R6260 version prior to 1.1.0.76, update to version 1.1.0.76 or later. For R6800 version prior to 1.2.0.62, update to version 1.2.0.62 or later. For R6700v2 version prior to 1.2.0.62, update to version 1.2.0.62 or later. For R6900v2 version prior to 1.2.0.62, update to version 1.2.0.62 or later. For R7450 version prior to 1.2.0.62, update to version 1.2.0.62 or later. For AC2100 version prior to 1.2.0.62, update to version 1.2.0.62 or later. For AC2400 version prior to 1.2.0.62, update to version 1.2.0.62 or later. For AC2600 version prior to 1.2.0.62, update to version 1.2.0.62 or later.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2022-01161
CVE-2021-45637

Affected Products

Netgear Ac2100
Netgear Ac2400
Netgear Ac2600
Netgear R6260
Netgear R6700V2
Netgear R6800
Netgear R6900V2
Netgear R7450