CVE-2021-27254 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
zdi	CNA	6.3 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 8%

Vendor	Product	Version
netgear	br200_firmware	𝑥 < 5.10.0.5
netgear	br500_firmware	𝑥 < 5.10.0.5
netgear	d7800_firmware	𝑥 < 1.0.1.60
netgear	ex6100v2_firmware	𝑥 < 1.0.1.98
netgear	ex6150v2_firmware	𝑥 < 1.0.1.98
netgear	ex6250_firmware	𝑥 < 1.0.0.134
netgear	ex6400_firmware	𝑥 < 1.0.2.158
netgear	ex6400v2_firmware	𝑥 < 1.0.0.134
netgear	ex6410_firmware	𝑥 < 1.0.0.134
netgear	ex6420_firmware	𝑥 < 1.0.0.134
netgear	ex7300_firmware	𝑥 < 1.0.2.158
netgear	ex7300v2_firmware	𝑥 < 1.0.0.134
netgear	ex7320_firmware	𝑥 < 1.0.0.134
netgear	ex7700_firmware	𝑥 < 1.0.0.216
netgear	ex8000_firmware	𝑥 < 1.0.1.232
netgear	lbr20_firmware	𝑥 < 2.6.3.50
netgear	r7800_firmware	𝑥 < 1.0.2.80
netgear	r8900_firmware	𝑥 < 1.0.5.28
netgear	r9000_firmware	𝑥 < 1.0.5.28
netgear	rbk12_firmware	𝑥 < 2.7.2.104
netgear	rbk13_firmware	𝑥 < 2.7.2.104
netgear	rbk14_firmware	𝑥 < 2.7.2.104
netgear	rbk15_firmware	𝑥 < 2.7.2.104
netgear	rbk20_firmware	𝑥 < 2.6.2.104
netgear	rbk23_firmware	𝑥 < 2.7.2.104
netgear	rbk40_firmware	𝑥 < 2.6.2.104
netgear	rbk43_firmware	𝑥 < 2.6.2.104
netgear	rbk43s_firmware	𝑥 < 2.6.2.104
netgear	rbk44_firmware	𝑥 < 2.6.2.104
netgear	rbk50_firmware	𝑥 < 2.7.2.104
netgear	rbk53_firmware	𝑥 < 2.7.2.104
netgear	rbr10_firmware	𝑥 < 2.6.2.104
netgear	rbr20_firmware	𝑥 < 2.6.2.104
netgear	rbr40_firmware	𝑥 < 2.6.2.104
netgear	rbr50_firmware	𝑥 < 2.7.2.104
netgear	rbs10_firmware	𝑥 < 2.6.2.104
netgear	rbs20_firmware	𝑥 < 2.6.2.104
netgear	rbs40_firmware	𝑥 < 2.6.2.104
netgear	rbs50_firmware	𝑥 < 2.7.2.104
netgear	rbs50y_firmware	𝑥 < 2.6.2.104
netgear	xr450_firmware	𝑥 < 2.3.2.114
netgear	xr500_firmware	𝑥 < 2.3.2.114
netgear	xr700_firmware	𝑥 < 1.0.1.38

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-259 - Use of Hard-coded Password
The software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
CWE-798 - Use of Hard-coded Credentials
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

References

https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders

https://www.zerodayinitiative.com/advisories/ZDI-21-252/

https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders

https://www.zerodayinitiative.com/advisories/ZDI-21-252/