CVE-2021-45605 — MEDIUM (6.0)

Q: How severe is CVE-2021-45605?

CVE-2021-45605 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-45605?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear R6400 Firmware, Netgear R6400, Netgear R7000 Firmware, Netgear R7000, Netgear R6900P Firmware.

Vulnerability Description

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6400 before 1.0.1.68, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7900 before 1.0.4.38, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, and XR300 before 1.0.3.50.

CVSS Score

6.0

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netgear	R6400 Firmware	< 1.0.1.68
Netgear	R6400	-
Netgear	R7000 Firmware	< 1.0.11.116
Netgear	R7000	-
Netgear	R6900P Firmware	< 1.3.3.140
Netgear	R6900P	-
Netgear	R7000P Firmware	< 1.3.3.140
Netgear	R7000P	-
Netgear	R7900 Firmware	< 1.0.4.38
Netgear	R7900	-
Netgear	Rax75 Firmware	< 1.0.3.102
Netgear	Rax75	-
Netgear	Rax80 Firmware	< 1.0.3.102
Netgear	Rax80	-
Netgear	Xr300 Firmware	< 1.0.3.50
Netgear	Xr300	-

Related Weaknesses (CWE)

CWE-787

References

https://kb.netgear.com/000064072/Security-Advisory-for-Post-Authentication-StackPatchVendor Advisory
https://kb.netgear.com/000064072/Security-Advisory-for-Post-Authentication-StackPatchVendor Advisory

FAQ

What is CVE-2021-45605?

CVE-2021-45605 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6400 before 1.0.1.68, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3....

How severe is CVE-2021-45605?

CVE-2021-45605 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-45605?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear R6400 Firmware, Netgear R6400, Netgear R7000 Firmware, Netgear R7000, Netgear R6900P Firmware.