CVE-2021-38524

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.32, RAX50 before 1.0.2.32, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, and RBS750 before 3.2.16.6.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.5 MEDIUM
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
mitreCNA
4.5 MEDIUM
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AC:L/AV:A/A:H/C:N/I:N/PR:H/S:U/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
netgearmk62_firmware
𝑥
< 1.0.6.110
netgearmr60_firmware
𝑥
< 1.0.6.110
netgearms60_firmware
𝑥
< 1.0.6.110
netgearrax15_firmware
𝑥
< 1.0.2.82
netgearrax20_firmware
𝑥
< 1.0.2.82
netgearrax200_firmware
𝑥
< 1.0.3.106
netgearrax45_firmware
𝑥
< 1.0.2.32
netgearrax50_firmware
𝑥
< 1.0.2.32
netgearrax75_firmware
𝑥
< 1.0.3.106
netgearrax80_firmware
𝑥
< 1.0.3.106
netgearrbk752_firmware
𝑥
< 3.2.16.6
netgearrbr750_firmware
𝑥
< 3.2.16.6
netgearrbs750_firmware
𝑥
< 3.2.16.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kb.netgear.com/000063779/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2020-0225
https://kb.netgear.com/000063779/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2020-0225