CVE-2021-45638

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.68, D6400 before 1.0.0.102, D7000v2 before 1.0.0.74, D8500 before 1.0.3.60, DC112A before 1.0.0.56, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R7000 before 1.0.11.116, R7100LG before 1.0.0.70, RBS40V before 2.6.2.8, RBW30 before 2.6.2.2, RS400 before 1.5.1.80, R7000P before 1.3.2.132, and R6900P before 1.3.2.132.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.6 CRITICAL
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
mitreCNA
9.6 CRITICAL
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
netgeard6220_firmware
𝑥
< 1.0.0.68
netgeard6400_firmware
𝑥
< 1.0.0.102
netgeard7000v2_firmware
𝑥
< 1.0.0.74
netgeard8500_firmware
𝑥
< 1.0.3.60
netgeardc112a_firmware
𝑥
< 1.0.0.56
netgearr6300v2_firmware
𝑥
< 1.0.4.50
netgearr6400_firmware
𝑥
< 1.0.1.68
netgearr7000_firmware
𝑥
< 1.0.11.116
netgearr7100lg_firmware
𝑥
< 1.0.0.70
netgearr7000p_firmware
𝑥
< 1.3.2.132
netgearrbs40v_firmware
𝑥
< 2.6.2.8
netgearrbw30_firmware
𝑥
< 2.6.2.2
netgearrs400_firmware
𝑥
< 1.5.1.80
netgearr6900p_firmware
𝑥
< 1.3.2.132
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kb.netgear.com/000064496/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-PSV-2020-0464
https://kb.netgear.com/000064496/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-PSV-2020-0464