Vulnerability-Lookup

BDU:2022-00465

Vulnerability from fstec - Published: 24.09.2021

Title

Уязвимость микропрограммного обеспечения Wi-Fi роутеров NETGEAR D3600, D6000, D6200, D6220, D6400, D7000, D7000v2, D7800, D8500, DC112A, DGN2200v4, DGND2200Bv4, DM200, EX3700, EX3800, EX6120, EX6130, EX7000, PR2000, R6220, R6230, R6250, R6300v2, R6400, R6400v2, R6700, R6700v3, R6900, R7000, R7100LG, R7500v2, R7900P, R8000P, R8900, R9000, RBK20, RBK40, RBK50, RBR20, RBR40, RBR50, RBS20, RBS40, RBS50, WN3000RPv2, WNDR3400v3, WNR2000v5, WNR2020, WNR3500Lv2, XR450, XR500, связанная с ошибками в настройках безопасности, позволяющая нарушителю казать воздействие на целостность, доступность и конфиденциальность защищаемой информации

Description

Уязвимость микропрограммного обеспечения Wi-Fi роутеров NETGEAR D3600, D6000, D6200, D6220, D6400, D7000, D7000v2, D7800, D8500, DC112A, DGN2200v4, DGND2200Bv4, DM200, EX3700, EX3800, EX6120, EX6130, EX7000, PR2000, R6220, R6230, R6250, R6300v2, R6400, R6400v2, R6700, R6700v3, R6900, R7000, R7100LG, R7500v2, R7900P, R8000P, R8900, R9000, RBK20, RBK40, RBK50, RBR20, RBR40, RBR50, RBS20, RBS40, RBS50, WN3000RPv2, WNDR3400v3, WNR2000v5, WNR2020, WNR3500Lv2, XR450, XR500 связана с ошибками в настройках безопасности. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, оказать воздействие на целостность, доступность и конфиденциальность защищаемой информации

Severity ?


                    
                      AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Vendor

NETGEAR

Software Name

DM200, R7500v2, RBK50, RBR50, RBS50, RBK20, RBR20, RBS20, RBS40, R6220, R6230, EX7000, R6250, R6400, R7100LG, R6700v3, WNR3500Lv2, D6400, D7800, DGN2200Bv4, DGN2200v4, R6300v2, R6700, XR500, R7900P, R8000P, D3600, D6000, D6200, D6220, D7000, D7000v2, D8500, AirCards DC112A, EX3700, EX3800, EX6120, EX6130, PR2000, R6400v2, R6900, R7000, R8900, R9000, RBK40, RBR40, WN3000RPv2, WNDR3400v3, WNR2000v5, WNR2020, XR450

Software Version

до 1.0.0.61 (DM200), до 1.0.3.40 (R7500v2), до 2.3.0.32 (RBK50), до 2.3.0.32 (RBR50), до 2.3.0.32 (RBS50), до 2.3.0.28 (RBK20), до 2.3.0.28 (RBR20), до 2.3.0.28 (RBS20), до 2.3.0.28 (RBS40), до 1.1.0.100 (R6220), до 1.1.0.100 (R6230), до 1.0.1.78 (EX7000), до 1.0.4.34 (R6250), до 1.0.1.46 (R6400), до 1.0.0.50 (R7100LG), до 1.0.2.66 (R6700v3), до 1.2.0.62 (WNR3500Lv2), до 1.0.0.86 (D6400), до 1.0.1.56 (D7800), до 1.0.0.109 (DGN2200Bv4), до 1.0.0.110 (DGN2200v4), до 1.0.4.34 (R6300v2), до 1.0.2.6 (R6700), до 2.3.2.56 (XR500), до 1.4.1.50 (R7900P), до 1.4.1.50 (R8000P), до 1.0.0.72 (D3600), до 1.0.0.72 (D6000), до 1.1.00.34 (D6200), до 1.0.0.52 (D6220), до 1.0.1.74 (D7000), до 1.0.0.53 (D7000v2), до 1.0.3.44 (D8500), до 1.0.0.42 (AirCards DC112A), до 1.0.0.76 (EX3700), до 1.0.0.76 (EX3800), до 1.0.0.46 (EX6120), до 1.0.0.28 (EX6130), до 1.0.0.28 (PR2000), до 1.0.2.66 (R6400v2), до 1.0.2.6 (R6900), до 1.0.9.34 (R7000), до 1.0.4.12 (R8900), до 1.0.4.12 (R9000), до 2.3.0.28 (RBK40), до 2.3.0.28 (RBR40), до 1.0.0.78 (WN3000RPv2), до 1.0.1.24 (WNDR3400v3), до 1.0.0.70 (WNR2000v5), до 1.1.0.62 (WNR2020), до 2.3.2.56 (XR450)

Possible Mitigations

Использование рекомендаций: https://kb.netgear.com/000064045/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0228

Reference

https://kb.netgear.com/000064045/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0228 https://nvd.nist.gov/vuln/detail/CVE-2021-45640 https://vuldb.com/?id.189263

CWE

CWE-254

JSON

To clipboard

{
  "CVSS 2.0": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
  "CVSS 3.0": "AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "NETGEAR",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 1.0.0.61 (DM200), \u0434\u043e 1.0.3.40 (R7500v2), \u0434\u043e 2.3.0.32 (RBK50), \u0434\u043e 2.3.0.32 (RBR50), \u0434\u043e 2.3.0.32 (RBS50), \u0434\u043e 2.3.0.28 (RBK20), \u0434\u043e 2.3.0.28 (RBR20), \u0434\u043e 2.3.0.28 (RBS20), \u0434\u043e 2.3.0.28 (RBS40), \u0434\u043e 1.1.0.100 (R6220), \u0434\u043e 1.1.0.100 (R6230), \u0434\u043e 1.0.1.78 (EX7000), \u0434\u043e 1.0.4.34 (R6250), \u0434\u043e 1.0.1.46 (R6400), \u0434\u043e 1.0.0.50 (R7100LG), \u0434\u043e 1.0.2.66 (R6700v3), \u0434\u043e 1.2.0.62 (WNR3500Lv2), \u0434\u043e 1.0.0.86 (D6400), \u0434\u043e 1.0.1.56 (D7800), \u0434\u043e 1.0.0.109 (DGN2200Bv4), \u0434\u043e 1.0.0.110 (DGN2200v4), \u0434\u043e 1.0.4.34 (R6300v2), \u0434\u043e 1.0.2.6 (R6700), \u0434\u043e 2.3.2.56 (XR500), \u0434\u043e 1.4.1.50 (R7900P), \u0434\u043e 1.4.1.50 (R8000P), \u0434\u043e 1.0.0.72 (D3600), \u0434\u043e 1.0.0.72 (D6000), \u0434\u043e 1.1.00.34 (D6200), \u0434\u043e 1.0.0.52 (D6220), \u0434\u043e 1.0.1.74 (D7000), \u0434\u043e 1.0.0.53 (D7000v2), \u0434\u043e 1.0.3.44 (D8500), \u0434\u043e 1.0.0.42 (AirCards DC112A), \u0434\u043e 1.0.0.76 (EX3700), \u0434\u043e 1.0.0.76 (EX3800), \u0434\u043e 1.0.0.46 (EX6120), \u0434\u043e 1.0.0.28 (EX6130), \u0434\u043e 1.0.0.28 (PR2000), \u0434\u043e 1.0.2.66 (R6400v2), \u0434\u043e 1.0.2.6 (R6900), \u0434\u043e 1.0.9.34 (R7000), \u0434\u043e 1.0.4.12 (R8900), \u0434\u043e 1.0.4.12 (R9000), \u0434\u043e 2.3.0.28 (RBK40), \u0434\u043e 2.3.0.28 (RBR40), \u0434\u043e 1.0.0.78 (WN3000RPv2), \u0434\u043e 1.0.1.24 (WNDR3400v3), \u0434\u043e 1.0.0.70 (WNR2000v5), \u0434\u043e 1.1.0.62 (WNR2020), \u0434\u043e 2.3.2.56 (XR450)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://kb.netgear.com/000064045/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0228",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "25.01.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.01.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-00465",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-45640",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "DM200, R7500v2, RBK50, RBR50, RBS50, RBK20, RBR20, RBS20, RBS40, R6220, R6230, EX7000, R6250, R6400, R7100LG, R6700v3, WNR3500Lv2, D6400, D7800, DGN2200Bv4, DGN2200v4, R6300v2, R6700, XR500, R7900P, R8000P, D3600, D6000, D6200, D6220, D7000, D7000v2, D8500, AirCards DC112A, EX3700, EX3800, EX6120, EX6130, PR2000, R6400v2, R6900, R7000, R8900, R9000, RBK40, RBR40, WN3000RPv2, WNDR3400v3, WNR2000v5, WNR2020, XR450",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Wi-Fi \u0440\u043e\u0443\u0442\u0435\u0440\u043e\u0432 NETGEAR D3600, D6000, D6200, D6220, D6400, D7000, D7000v2, D7800, D8500, DC112A, DGN2200v4, DGND2200Bv4, DM200, EX3700, EX3800, EX6120, EX6130, EX7000, PR2000, R6220, R6230, R6250, R6300v2, R6400, R6400v2, R6700, R6700v3, R6900, R7000, R7100LG, R7500v2, R7900P, R8000P, R8900, R9000, RBK20, RBK40, RBK50, RBR20, RBR40, RBR50, RBS20, RBS40, RBS50, WN3000RPv2, WNDR3400v3, WNR2000v5, WNR2020, WNR3500Lv2, XR450, XR500, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0432 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430\u0445 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0438 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u042d\u043b\u0435\u043c\u0435\u043d\u0442\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (CWE-254)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Wi-Fi \u0440\u043e\u0443\u0442\u0435\u0440\u043e\u0432 NETGEAR D3600, D6000, D6200, D6220, D6400, D7000, D7000v2, D7800, D8500, DC112A, DGN2200v4, DGND2200Bv4, DM200, EX3700, EX3800, EX6120, EX6130, EX7000, PR2000, R6220, R6230, R6250, R6300v2, R6400, R6400v2, R6700, R6700v3, R6900, R7000, R7100LG, R7500v2, R7900P, R8000P, R8900, R9000, RBK20, RBK40, RBK50, RBR20, RBR40, RBR50, RBS20, RBS40, RBS50, WN3000RPv2, WNDR3400v3, WNR2000v5, WNR2020, WNR3500Lv2, XR450, XR500 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0432 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430\u0445 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0438 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://kb.netgear.com/000064045/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0228\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-45640\nhttps://vuldb.com/?id.189263",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-254",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,9)"
}

CVE-2021-45640 (GCVE-0-2021-45640)

Vulnerability from cvelistv5 – Published: 2021-12-26 00:31 – Updated: 2024-08-04 04:47

Summary

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBK40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR20 before 2.3.0.28, RBR40 before 2.3.0.28, RBR50 before 2.3.0.32, RBS20 before 2.3.0.28, RBS40 before 2.3.0.28, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, XR450 before 2.3.2.56, and XR500 before 2.3.2.56.

Severity ?

3.9 (Low)


                        
                          CVSS:3.1/AC:H/AV:A/A:L/C:L/I:L/PR:H/S:U/UI:N

CWE

Assigner

mitre

References

URL

Tags

https://kb.netgear.com/000064045/Security-Advisor…

x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:47:01.875Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.netgear.com/000064045/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0228"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBK40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR20 before 2.3.0.28, RBR40 before 2.3.0.28, RBR50 before 2.3.0.32, RBS20 before 2.3.0.28, RBS40 before 2.3.0.28, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, XR450 before 2.3.2.56, and XR500 before 2.3.2.56."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:L/PR:H/S:U/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-26T00:31:04.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.netgear.com/000064045/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0228"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-45640",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBK40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR20 before 2.3.0.28, RBR40 before 2.3.0.28, RBR50 before 2.3.0.32, RBS20 before 2.3.0.28, RBS40 before 2.3.0.28, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, XR450 before 2.3.2.56, and XR500 before 2.3.2.56."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT",
            "availabilityImpact": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:L/PR:H/S:U/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.netgear.com/000064045/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0228",
              "refsource": "MISC",
              "url": "https://kb.netgear.com/000064045/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0228"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-45640",
    "datePublished": "2021-12-26T00:31:04.000Z",
    "dateReserved": "2021-12-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T04:47:01.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2022-00465

CVE-2021-45640 (GCVE-0-2021-45640)

Tags

Sightings

Nomenclature