CVE-2021-38516 — CRITICAL (10.0)

Q: How severe is CVE-2021-38516?

CVE-2021-38516 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-38516?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear D6220 Firmware, Netgear D6220, Netgear D6400 Firmware, Netgear D6400, Netgear D7000 Firmware.

Vulnerability Description

Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 before 1.0.0.108, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.40, R6850 before 1.1.0.40, R6350 before 1.1.0.40, R6400v2 before 1.0.2.62, R6700v3 before 1.0.2.62, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7000 before 1.0.9.34, R6900P before 1.3.1.44, R7000P before 1.3.1.44, R7100LG before 1.0.0.48, R7200 before 1.2.0.48, R7350 before 1.2.0.48, R7400 before 1.2.0.48, R7450 before 1.2.0.36, AC2100 before 1.2.0.36, AC2400 before 1.2.0.36, AC2600 before 1.2.0.36, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, R7900 before 1.0.3.8, R7960P before 1.4.1.44, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RAX120 before 1.0.0.74, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, WNR3500Lv2 before 1.2.0.56, XR450 before 2.3.2.32, and XR500 before 2.3.2.32.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netgear	D6220 Firmware	< 1.0.0.48
Netgear	D6220	-
Netgear	D6400 Firmware	< 1.0.0.82
Netgear	D6400	-
Netgear	D7000 Firmware	< 1.0.0.52
Netgear	D7000	v2
Netgear	D7800 Firmware	< 1.0.1.44
Netgear	D7800	-
Netgear	D8500 Firmware	< 1.0.3.43
Netgear	D8500	-
Netgear	Dc112A Firmware	< 1.0.0.40
Netgear	Dc112A	-
Netgear	Dgn2200 Firmware	< 1.0.0.108
Netgear	Dgn2200	v4
Netgear	Rbk50 Firmware	< 2.3.0.32
Netgear	Rbk50	-
Netgear	Rbr50 Firmware	< 2.3.0.32
Netgear	Rbr50	-
Netgear	Rbs50 Firmware	< 2.3.0.32
Netgear	Rbs50	-

References

https://kb.netgear.com/000063780/Security-Advisory-for-Missing-Function-Level-AcVendor Advisory
https://kb.netgear.com/000063780/Security-Advisory-for-Missing-Function-Level-AcVendor Advisory

FAQ

What is CVE-2021-38516?

CVE-2021-38516 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 b...

How severe is CVE-2021-38516?

CVE-2021-38516 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-38516?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear D6220 Firmware, Netgear D6220, Netgear D6400 Firmware, Netgear D6400, Netgear D7000 Firmware.