1. Home
  2. CVE Database
  3. CVE-2021-38526
MEDIUM · 4.3

CVE-2021-38526

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94.

Vulnerability Description

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW

Affected Products

VendorProductVersions
NetgearRax35 Firmware< 1.0.3.94
NetgearRax35-
NetgearRax38 Firmware< 1.0.3.94
NetgearRax38-
NetgearRax40 Firmware< 1.0.3.94
NetgearRax40-

Related Weaknesses (CWE)

CWE-120

References

FAQ

What is CVE-2021-38526?

CVE-2021-38526 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94.

How severe is CVE-2021-38526?

CVE-2021-38526 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-38526?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Rax35 Firmware, Netgear Rax35, Netgear Rax38 Firmware, Netgear Rax38, Netgear Rax40 Firmware.