CVE-2021-45679

Certain NETGEAR devices are affected by privilege escalation. This affects R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, and RS400 before 1.5.1.80.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.4 HIGH
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
mitreCNA
8.4 HIGH
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
VendorProductVersion
netgearr6900p_firmware
𝑥
< 1.3.3.140
netgearr7000_firmware
𝑥
< 1.0.11.126
netgearr7000p_firmware
𝑥
< 1.3.3.140
netgearrs400_firmware
𝑥
< 1.5.1.80
𝑥
= Vulnerable software versions
References
https://kb.netgear.com/000064528/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Routers-PSV-2021-0043
https://kb.netgear.com/000064528/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Routers-PSV-2021-0043