CVE-2021-38513

Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RBK752 before 3.2.10.10, RBR750 before 3.2.10.10, and RBS750 before 3.2.10.10.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.6 CRITICAL
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
mitreCNA
9.6 CRITICAL
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AC:L/AV:A/A:L/C:H/I:H/PR:N/S:C/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
netgearrbk852_firmware
𝑥
< 3.2.10.11
netgearrbr850_firmware
𝑥
< 3.2.10.11
netgearrbs850_firmware
𝑥
< 3.2.10.11
netgearcbr40_firmware
𝑥
< 2.5.0.10
netgeareax20_firmware
𝑥
< 1.0.0.48
netgearmk62_firmware
𝑥
< 1.0.6.110
netgearmr60_firmware
𝑥
< 1.0.6.110
netgearms60_firmware
𝑥
< 1.0.6.110
netgearrbk752_firmware
𝑥
< 3.2.10.10
netgearrbr750_firmware
𝑥
< 3.2.10.10
netgearrbs750_firmware
𝑥
< 3.2.10.10
𝑥
= Vulnerable software versions
References
https://kb.netgear.com/000063777/Security-Advisory-for-Authentication-Bypass-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0008
https://kb.netgear.com/000063777/Security-Advisory-for-Authentication-Bypass-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0008