← Back

CVE-2021-45603

nvd nist
Published: Dec 26, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.

Affected (18)

Netgear
18 products
D7800 Firmware
Ex2700 Firmware
Wn3000rpv2 Firmware
Wn3000rpv3 Firmware
Lbr1020 Firmware
Lbr20 Firmware
R6700ax Firmware
R7800 Firmware
R8900 Firmware
R9000 Firmware
Rax10 Firmware
Rax120v1 Firmware
Rax120v2 Firmware
Rax70 Firmware
Rax78 Firmware
Xr450 Firmware
Xr500 Firmware
Xr700 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
D7800 Firmware
Before 1.0.1.66
Running on/withPlatform Versions
Netgear
D7800
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ex2700 Firmware
Before 1.0.1.68
Running on/withPlatform Versions
Netgear
Ex2700
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wn3000rpv2 Firmware
Before 1.0.0.90
Running on/withPlatform Versions
Netgear
Wn3000rpv2
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wn3000rpv3 Firmware
Before 1.0.2.100
Running on/withPlatform Versions
Netgear
Wn3000rpv3
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Lbr1020 Firmware
Before 2.6.5.20
Running on/withPlatform Versions
Netgear
Lbr1020
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Lbr20 Firmware
Before 2.6.5.32
Running on/withPlatform Versions
Netgear
Lbr20
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6700ax Firmware
Before 1.0.10.110
Running on/withPlatform Versions
Netgear
R6700ax
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R7800 Firmware
Before 1.0.2.86
Running on/withPlatform Versions
Netgear
R7800
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R8900 Firmware
Before 1.0.5.38
Running on/withPlatform Versions
Netgear
R8900
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R9000 Firmware
Before 1.0.5.38
Running on/withPlatform Versions
Netgear
R9000
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax10 Firmware
Before 1.0.10.110
Running on/withPlatform Versions
Netgear
Rax10
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax120v1 Firmware
Before 1.2.3.28
Running on/withPlatform Versions
Netgear
Rax120v1
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax120v2 Firmware
Before 1.2.3.28
Running on/withPlatform Versions
Netgear
Rax120v2
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax70 Firmware
Before 1.0.10.110
Running on/withPlatform Versions
Netgear
Rax70
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax78 Firmware
Before 1.0.10.110
Running on/withPlatform Versions
Netgear
Rax78
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Xr450 Firmware
Before 2.3.2.130
Running on/withPlatform Versions
Netgear
Xr450
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Xr500 Firmware
Before 2.3.2.130
Running on/withPlatform Versions
Netgear
Xr500
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Xr700 Firmware
Before 1.0.1.46
Running on/withPlatform Versions
Netgear
Xr700
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.