CVE-2021-45500 : Certain NETGEAR devices are affected by authentication bypass. This affects R7000P before 1.3.3.140 and R8000 before 1.0

Certain NETGEAR devices are affected by authentication bypass. This affects R7000P before 1.3.3.140 and R8000 before 1.0.4.68.

Published 2021-12-26 01:15:13

Updated 2022-07-12 17:42:04

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-45500

Probability of exploitation activity in the next 30 days: 0.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 24 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:A/AC:L/Au:N/C:P/I:P/A:P	6.5	6.4	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.6	CRITICAL	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L	2.8	6.0	MITRE
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: Low
8.8	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

https://kb.netgear.com/000064070/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2019-0183

Security Advisory for Authentication Bypass on Some Routers, PSV-2019-0183 | Answer | NETGEAR Support
Patch;Vendor Advisory

Netgear » R8000 Firmware
Versions before (<) 1.0.4.68
cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R8000 » Version: N/A
Netgear » R7000p Firmware
Versions before (<) 1.3.3.140
cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7000p » Version: N/A