CVE-2021-45648

26.12.2021, 01:15

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EX6100v2 before 1.0.1.106, EX6150v2 before 1.0.1.106, EX6250 before 1.0.0.146, EX6400 before 1.0.2.164, EX6400v2 before 1.0.0.146, EX6410 before 1.0.0.146, EX6420 before 1.0.0.146, EX7300 before 1.0.2.164, EX7300v2 before 1.0.0.146, EX7320 before 1.0.0.146, EX7700 before 1.0.0.222, LBR1020 before 2.6.5.16, LBR20 before 2.6.5.2, RBK352 before 4.3.4.7, RBK50 before 2.7.3.22, RBR350 before 4.3.4.7, RBR50 before 2.7.3.22, and RBS350 before 4.3.4.7.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	3.1 LOW	ADJACENT_NETWORK	HIGH	NONE	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
mitre	CNA	3.1 LOW	ADJACENT_NETWORK	HIGH	NONE	CVSS:3.1/AC:H/AV:A/A:N/C:L/I:N/PR:N/S:U/UI:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 53%

Vendor	Product	Version
netgear	ex6100v2_firmware	𝑥 < 1.0.1.106
netgear	ex6150v2_firmware	𝑥 < 1.0.1.106
netgear	ex6250_firmware	𝑥 < 1.0.0.146
netgear	ex6400_firmware	𝑥 < 1.0.2.164
netgear	ex6400v2_firmware	𝑥 < 1.0.0.146
netgear	ex6410_firmware	𝑥 < 1.0.0.146
netgear	ex6420_firmware	𝑥 < 1.0.0.146
netgear	ex7300_firmware	𝑥 < 1.0.2.164
netgear	ex7300v2_firmware	𝑥 < 1.0.0.146
netgear	ex7320_firmware	𝑥 < 1.0.0.146
netgear	ex7700_firmware	𝑥 < 1.0.0.222
netgear	lbr1020_firmware	𝑥 < 2.6.5.16
netgear	lbr20_firmware	𝑥 < 2.6.5.2
netgear	rbk352_firmware	𝑥 < 4.3.4.7
netgear	rbk50_firmware	𝑥 < 2.7.3.22
netgear	rbr350_firmware	𝑥 < 4.3.4.7
netgear	rbr50_firmware	𝑥 < 2.7.3.22
netgear	rbs350_firmware	𝑥 < 4.3.4.7

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

https://kb.netgear.com/000064494/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0453