CVE-2021-38513

EUVD-2021-24963
Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RBK752 before 3.2.10.10, RBR750 before 3.2.10.10, and RBS750 before 3.2.10.10.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.6 CRITICAL
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
mitreCNA
9.6 CRITICAL
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AC:L/AV:A/A:L/C:H/I:H/PR:N/S:C/UI:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
netgearrbk852_firmware
𝑥
< 3.2.10.11
netgearrbr850_firmware
𝑥
< 3.2.10.11
netgearrbs850_firmware
𝑥
< 3.2.10.11
netgearcbr40_firmware
𝑥
< 2.5.0.10
netgeareax20_firmware
𝑥
< 1.0.0.48
netgearmk62_firmware
𝑥
< 1.0.6.110
netgearmr60_firmware
𝑥
< 1.0.6.110
netgearms60_firmware
𝑥
< 1.0.6.110
netgearrbk752_firmware
𝑥
< 3.2.10.10
netgearrbr750_firmware
𝑥
< 3.2.10.10
netgearrbs750_firmware
𝑥
< 3.2.10.10
𝑥
= Vulnerable software versions
References
https://kb.netgear.com/000063777/Security-Advisory-for-Authentication-Bypass-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0008
https://kb.netgear.com/000063777/Security-Advisory-for-Authentication-Bypass-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0008