PT-2021-6251 · NetGear · Netgear Rbk352+15

Published

2021-12-21

·

Updated

2022-01-10

·

CVE-2021-45648

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions NETGEAR EX6100v2 versions 1.0.1.106 and earlier NETGEAR EX6150v2 versions 1.0.1.106 and earlier NETGEAR EX6250 versions 1.0.0.146 and earlier NETGEAR EX6400 versions 1.0.2.164 and earlier NETGEAR EX6400v2 versions 1.0.0.146 and earlier NETGEAR EX6410 versions 1.0.0.146 and earlier NETGEAR EX6420 versions 1.0.0.146 and earlier NETGEAR EX7300 versions 1.0.2.164 and earlier NETGEAR EX7300v2 versions 1.0.0.146 and earlier NETGEAR EX7320 versions 1.0.0.146 and earlier NETGEAR EX7700 versions 1.0.0.222 and earlier NETGEAR LBR1020 versions 2.6.5.16 and earlier NETGEAR LBR20 versions 2.6.5.2 and earlier NETGEAR RBK352 versions 4.3.4.7 and earlier NETGEAR RBK50 versions 2.7.3.22 and earlier NETGEAR RBR350 versions 4.3.4.7 and earlier NETGEAR RBR50 versions 2.7.3.22 and earlier NETGEAR RBS350 versions 4.3.4.7 and earlier
Description The issue is related to the disclosure of sensitive information in certain NETGEAR devices. This is due to a lack of protection for service data. Exploitation of the issue may allow a remote attacker to reveal protected information.
Recommendations For NETGEAR EX6100v2 versions 1.0.1.106 and earlier, update to version 1.0.1.106 or later. For NETGEAR EX6150v2 versions 1.0.1.106 and earlier, update to version 1.0.1.106 or later. For NETGEAR EX6250 versions 1.0.0.146 and earlier, update to version 1.0.0.146 or later. For NETGEAR EX6400 versions 1.0.2.164 and earlier, update to version 1.0.2.164 or later. For NETGEAR EX6400v2 versions 1.0.0.146 and earlier, update to version 1.0.0.146 or later. For NETGEAR EX6410 versions 1.0.0.146 and earlier, update to version 1.0.0.146 or later. For NETGEAR EX6420 versions 1.0.0.146 and earlier, update to version 1.0.0.146 or later. For NETGEAR EX7300 versions 1.0.2.164 and earlier, update to version 1.0.2.164 or later. For NETGEAR EX7300v2 versions 1.0.0.146 and earlier, update to version 1.0.0.146 or later. For NETGEAR EX7320 versions 1.0.0.146 and earlier, update to version 1.0.0.146 or later. For NETGEAR EX7700 versions 1.0.0.222 and earlier, update to version 1.0.0.222 or later. For NETGEAR LBR1020 versions 2.6.5.16 and earlier, update to version 2.6.5.16 or later. For NETGEAR LBR20 versions 2.6.5.2 and earlier, update to version 2.6.5.2 or later. For NETGEAR RBK352 versions 4.3.4.7 and earlier, update to version 4.3.4.7 or later. For NETGEAR RBK50 versions 2.7.3.22 and earlier, update to version 2.7.3.22 or later. For NETGEAR RBR350 versions 4.3.4.7 and earlier, update to version 4.3.4.7 or later. For NETGEAR RBR50 versions 2.7.3.22 and earlier, update to version 2.7.3.22 or later. For NETGEAR RBS350 versions 4.3.4.7 and earlier, update to version 4.3.4.7 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2022-01189
CVE-2021-45648

Affected Products

Netgear Ex6100V2
Netgear Ex6150V2
Netgear Ex6250
Netgear Ex6400
Netgear Ex6400V2
Netgear Ex6410
Netgear Ex6420
Netgear Ex7300
Netgear Ex7300V2
Netgear Ex7320
Netgear Ex7700
Netgear Lbr1020
Netgear Rbr20
Netgear Rbk352
Netgear Rbr50
Netgear Rbr350