CVE-2021-29080

EPSS 0.09%
Published 23.03.2021 07:15:14
Last modified 21.11.2024 06:00:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This affects RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR854 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, R7000 before 1.0.11.116, R6900P before 1.3.2.126, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, and R7000P before 1.3.2.126.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Netgear ≫ Rbk852 Firmware Version < 3.2.10.11

Netgear ≫ Rbk852 Version-

Netgear ≫ Rbk853 Firmware Version < 3.2.10.11

Netgear ≫ Rbk853 Version-

Netgear ≫ Rbr854 Firmware Version < 3.2.10.11

Netgear ≫ Rbr854 Version-

Netgear ≫ Rbr850 Firmware Version < 3.2.10.11

Netgear ≫ Rbr850 Version-

Netgear ≫ Rbs850 Firmware Version < 3.2.10.11

Netgear ≫ Rbs850 Version-

Netgear ≫ Cbr40 Firmware Version < 2.5.0.10

Netgear ≫ Cbr40 Version-

Netgear ≫ R7000 Firmware Version < 1.0.11.116

Netgear ≫ R7000 Version-

Netgear ≫ R6900p Firmware Version < 1.3.2.126

Netgear ≫ R6900p Version-

Netgear ≫ R7900 Firmware Version < 1.0.4.38

Netgear ≫ R7900 Version-

Netgear ≫ R7960p Firmware Version < 1.4.1.66

Netgear ≫ R7960p Version-

Netgear ≫ R8000 Firmware Version < 1.0.4.66

Netgear ≫ R8000 Version-

Netgear ≫ R7900p Firmware Version < 1.4.1.66

Netgear ≫ R7900p Version-

Netgear ≫ R8000p Firmware Version < 1.4.1.66

Netgear ≫ R8000p Version-

Netgear ≫ Rax75 Firmware Version < 1.0.3.102

Netgear ≫ Rax75 Version-

Netgear ≫ Rax80 Firmware Version < 1.0.3.102

Netgear ≫ Rax80 Version-

Netgear ≫ R7000p Firmware Version < 1.3.2.126

Netgear ≫ R7000p Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.23

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	4.8	6.5	4.9	AV:A/AC:L/Au:N/C:P/I:P/A:N
cve@mitre.org	8.1	2.8	5.2	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-640 Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

https://kb.netgear.com/000063007/Security-Advisory-for-Pre-authentication-Password-Reset-on-Some-Routers-and-WiFi-Systems-PSV-2019-0150

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-29080

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-29080

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-29080

EUVD