CVE-2021-45640 : Certain NETGEAR devices are affected by incorrect configuration of security sett

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBK40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR20 before 2.3.0.28, RBR40 before 2.3.0.28, RBR50 before 2.3.0.32, RBS20 before 2.3.0.28, RBS40 before 2.3.0.28, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, XR450 before 2.3.2.56, and XR500 before 2.3.2.56.

Published 2021-12-26 01:15:20

Updated 2022-01-12 14:26:34

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2021-45640

Netgear » D3600 Firmware
Versions before (<) 1.0.0.72
cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D3600 » Version: N/A
Netgear » D6000 Firmware
Versions before (<) 1.0.0.72
cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D6000 » Version: N/A
Netgear » R6400 Firmware
Versions before (<) 1.0.1.46
cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6400 » Version: N/A
Netgear » R6700 Firmware
Versions before (<) 1.0.2.6
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6700 » Version: N/A
Netgear » R6900 Firmware
Versions before (<) 1.0.2.6
cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6900 » Version: N/A
Netgear » R7000 Firmware
Versions before (<) 1.0.9.34
cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7000 » Version: N/A
Netgear » R7100lg Firmware
Versions before (<) 1.0.0.50
cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7100lg » Version: N/A
Netgear » D6220 Firmware
Versions before (<) 1.0.0.52
cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D6220 » Version: N/A
Netgear » D6400 Firmware
Versions before (<) 1.0.0.86
cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D6400 » Version: N/A
Netgear » R6250 Firmware
Versions before (<) 1.0.4.34
cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6250 » Version: N/A
Netgear » Dgn2200bv4 Firmware
Versions before (<) 1.0.0.109
cpe:2.3:o:netgear:dgn2200bv4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Dgn2200bv4 » Version: N/A
Netgear » Wnr2000v5 Firmware
Versions before (<) 1.0.0.70
cpe:2.3:o:netgear:wnr2000v5_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Wnr2000v5 Firmware » Version: N/A
Netgear » Ex7000 Firmware
Versions before (<) 1.0.1.78
cpe:2.3:o:netgear:ex7000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Ex7000 » Version: N/A
Netgear » D6200 Firmware
Versions before (<) 1.1.00.34
cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D6200 » Version: N/A
Netgear » R6220 Firmware
Versions before (<) 1.1.0.100
cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6220 » Version: N/A
Netgear » Wnr2020 Firmware
Versions before (<) 1.1.0.62
cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Wnr2020 » Version: N/A
Netgear » D7000 Firmware
Versions before (<) 1.0.1.74
cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D7000 » Version: N/A
Netgear » Pr2000 Firmware
Versions before (<) 1.0.0.28
cpe:2.3:o:netgear:pr2000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Pr2000 » Version: N/A
Netgear » Ex3700 Firmware
Versions before (<) 1.0.0.76
cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Ex3700 » Version: N/A
Netgear » Ex3800 Firmware
Versions before (<) 1.0.0.76
cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Ex3800 » Version: N/A
Netgear » Ex6120 Firmware
Versions before (<) 1.0.0.46
cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Ex6120 » Version: N/A
Netgear » R9000 Firmware
Versions before (<) 1.0.4.12
cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R9000 » Version: N/A
Netgear » D8500 Firmware
Versions before (<) 1.0.3.44
cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D8500 » Version: N/A
Netgear » Ex6130 Firmware
Versions before (<) 1.0.0.28
cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Ex6130 » Version: N/A
Netgear » D7800 Firmware
Versions before (<) 1.0.1.56
cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D7800 » Version: N/A
Netgear » R7900p Firmware
Versions before (<) 1.4.1.50
cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7900p » Version: N/A
Netgear » R8000p Firmware
Versions before (<) 1.4.1.50
cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R8000p » Version: N/A
Netgear » R8900 Firmware
Versions before (<) 1.0.4.12
cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R8900 » Version: N/A
Netgear » Xr500 Firmware
Versions before (<) 2.3.2.56
cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Xr500 » Version: N/A
Netgear » Dm200 Firmware
Versions before (<) 1.0.0.61
cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Dm200 » Version: N/A
Netgear » Dc112a Firmware
Versions before (<) 1.0.0.42
cpe:2.3:o:netgear:dc112a_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Dc112a » Version: N/A
Netgear » Wndr3400v3 Firmware
Versions before (<) 1.0.1.24
cpe:2.3:o:netgear:wndr3400v3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Wndr3400v3 » Version: N/A
Netgear » R6300v2 Firmware
Versions before (<) 1.0.4.34
cpe:2.3:o:netgear:r6300v2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6300v2 » Version: N/A
Netgear » R6230 Firmware
Versions before (<) 1.1.0.100
cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6230 » Version: N/A
Netgear » Rbr20 Firmware
Versions before (<) 2.3.0.28
cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbr20 » Version: N/A
Netgear » Rbs20 Firmware
Versions before (<) 2.3.0.28
cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbs20 » Version: N/A
Netgear » Rbk20 Firmware
Versions before (<) 2.3.0.28
cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbk20 » Version: N/A
Netgear » Rbr40 Firmware
Versions before (<) 2.3.0.28
cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbr40 » Version: N/A
Netgear » Rbs40 Firmware
Versions before (<) 2.3.0.28
cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbs40 » Version: N/A
Netgear » Rbk40 Firmware
Versions before (<) 2.3.0.28
cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbk40 » Version: N/A
Netgear » Rbr50 Firmware
Versions before (<) 2.3.0.32
cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbr50 » Version: N/A
Netgear » Rbs50 Firmware
Versions before (<) 2.3.0.32
cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbs50 » Version: N/A
Netgear » Rbk50 Firmware
Versions before (<) 2.3.0.32
cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbk50 » Version: N/A
Netgear » Xr450 Firmware
Versions before (<) 2.3.2.56
cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Xr450 » Version: N/A
Netgear » Wn3000rpv2 Firmware
Versions before (<) 1.0.0.78
cpe:2.3:o:netgear:wn3000rpv2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Wn3000rpv2 » Version: N/A
Netgear » R7500v2 Firmware
Versions before (<) 1.0.3.40
cpe:2.3:o:netgear:r7500v2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7500v2 » Version: N/A
Netgear » R6400v2 Firmware
Versions before (<) 1.0.2.66
cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6400v2 » Version: N/A
Netgear » R6700v3 Firmware
Versions before (<) 1.0.2.66
cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6700v3 » Version: N/A
Netgear » D7000v2 Firmware
Versions before (<) 1.0.0.53
cpe:2.3:o:netgear:d7000v2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D7000v2 » Version: N/A
Netgear » Dgn2200v4 Firmware
Versions before (<) 1.0.0.110
cpe:2.3:o:netgear:dgn2200v4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Dgn2200v4 » Version: N/A
Netgear » Wnr3500lv2 Firmware
Versions before (<) 1.2.0.62
cpe:2.3:o:netgear:wnr3500lv2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Wnr3500lv2 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-45640

EPSS FAQ

0.59%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 66 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-45640

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
3.9	LOW	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L	0.5	3.4	MITRE
Attack Vector: Adjacent Network Attack Complexity: High Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2021-45640

https://kb.netgear.com/000064045/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0228

Security Advisory for Security Misconfiguration on Some Routers, Extenders, and WiFi Systems, PSV-2018-0228 | Answer | NETGEAR Support
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2021-45640

Products affected by CVE-2021-45640

Exploit prediction scoring system (EPSS) score for CVE-2021-45640

CVSS scores for CVE-2021-45640

References for CVE-2021-45640