CVE-2021-45642 — HIGH (7.5)

Q: How severe is CVE-2021-45642?

CVE-2021-45642 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-45642?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear D7800 Firmware, Netgear D7800, Netgear Ex6250 Firmware, Netgear Ex6250, Netgear Ex7700 Firmware.

Vulnerability Description

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.64, EX6250 before 1.0.0.134, EX7700 before 1.0.0.222, LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, R8900 before 1.0.5.26, R9000 before 1.0.5.26, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.36, EX7320 before 1.0.0.134, RAX120 before 1.2.2.24, EX7300v2 before 1.0.0.134, RAX120v2 before 1.2.2.24, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Netgear	D7800 Firmware	< 1.0.1.64
Netgear	D7800	-
Netgear	Ex6250 Firmware	< 1.0.0.134
Netgear	Ex6250	-
Netgear	Ex7700 Firmware	< 1.0.0.222
Netgear	Ex7700	-
Netgear	Lbr20 Firmware	< 2.6.3.50
Netgear	Lbr20	-
Netgear	Rbs50Y Firmware	< 2.7.3.22
Netgear	Rbs50Y	-
Netgear	Rbs50 Firmware	< 2.7.3.22
Netgear	Rbs20 Firmware	< 2.7.3.22
Netgear	Rbs20	-
Netgear	Rbs10 Firmware	< 2.7.3.22
Netgear	Rbs10	-
Netgear	Rbs40 Firmware	< 2.7.3.22
Netgear	Rbs40	-
Netgear	R8900 Firmware	< 1.0.5.26
Netgear	R8900	-
Netgear	R9000 Firmware	< 1.0.5.26

References

https://kb.netgear.com/000064491/Security-Advisory-for-Security-MisconfigurationPatchVendor Advisory
https://kb.netgear.com/000064491/Security-Advisory-for-Security-MisconfigurationPatchVendor Advisory

FAQ

What is CVE-2021-45642?

CVE-2021-45642 is a vulnerability with a CVSS score of 7.5 (HIGH). Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.64, EX6250 before 1.0.0.134, EX7700 before 1.0.0.222, LBR20 before 2.6.3.50, RBS50...

How severe is CVE-2021-45642?

CVE-2021-45642 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-45642?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear D7800 Firmware, Netgear D7800, Netgear Ex6250 Firmware, Netgear Ex6250, Netgear Ex7700 Firmware.