CVE-2021-45606 — MEDIUM (4.5)

Q: How severe is CVE-2021-45606?

CVE-2021-45606 has been rated MEDIUM with a CVSS base score of 4.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-45606?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear R6400 Firmware, Netgear R6400, Netgear R7000 Firmware, Netgear R7000, Netgear R7900 Firmware.

Vulnerability Description

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6400 before 1.0.1.70, R7000 before 1.0.11.126, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RS400 before 1.5.1.80, R6400v2 before 1.0.4.118, R7000P before 1.3.3.140, RAX80 before 1.0.4.120, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, and RAX75 before 1.0.4.120.

CVSS Score

4.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netgear	R6400 Firmware	< 1.0.1.70
Netgear	R6400	-
Netgear	R7000 Firmware	< 1.0.11.126
Netgear	R7000	-
Netgear	R7900 Firmware	< 1.0.4.46
Netgear	R7900	-
Netgear	R7900P Firmware	< 1.4.2.84
Netgear	R7900P	-
Netgear	R7960P Firmware	< 1.4.2.84
Netgear	R7960P	-
Netgear	R8000 Firmware	< 1.0.4.74
Netgear	R8000	-
Netgear	R8000P Firmware	< 1.4.2.84
Netgear	R8000P	-
Netgear	R7000P Firmware	< 1.3.3.140
Netgear	R7000P	-
Netgear	R6900P Firmware	< 1.3.3.140
Netgear	R6900P	-
Netgear	R6700V3 Firmware	< 1.0.4.118
Netgear	R6700V3	-

Related Weaknesses (CWE)

CWE-787

References

https://kb.netgear.com/000064498/Security-Advisory-for-Post-Authentication-StackPatchVendor Advisory
https://kb.netgear.com/000064498/Security-Advisory-for-Post-Authentication-StackPatchVendor Advisory

FAQ

What is CVE-2021-45606?

CVE-2021-45606 is a vulnerability with a CVSS score of 4.5 (MEDIUM). Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6400 before 1.0.1.70, R7000 before 1.0.11.126, R7900 before 1.0.4.46, R7900P before 1.4.2....

How severe is CVE-2021-45606?

CVE-2021-45606 has been rated MEDIUM with a CVSS base score of 4.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-45606?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear R6400 Firmware, Netgear R6400, Netgear R7000 Firmware, Netgear R7000, Netgear R7900 Firmware.