10

CVE-2021-45610

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.66, D6400 before 1.0.0.100, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.52, DGN2200v4 before 1.0.0.118, EAX80 before 1.0.1.64, R6250 before 1.0.4.48, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R7900 before 1.0.4.30, R7960P before 1.4.1.64, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, RS400 before 1.5.1.80, XR300 before 1.0.3.68, R6400v2 before 1.0.4.106, R7000P before 1.3.2.132, R8000P before 1.4.1.64, RAX20 before 1.0.2.82, RAX45 before 1.0.2.82, RAX80 before 1.0.3.106, R6700v3 before 1.0.4.106, R6900P before 1.3.2.132, R7900P before 1.4.1.64, RAX15 before 1.0.2.82, RAX50 before 1.0.2.82, and RAX75 before 1.0.3.106.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetgearD6220 Firmware Version < 1.0.0.66
   NetgearD6220 Version-
NetgearD6400 Firmware Version < 1.0.0.100
   NetgearD6400 Version-
NetgearD7000v2 Firmware Version < 1.0.0.66
   NetgearD7000v2 Version-
NetgearD8500 Firmware Version < 1.0.3.58
   NetgearD8500 Version-
NetgearDc112a Firmware Version < 1.0.0.52
   NetgearDc112a Version-
NetgearDgn2200v4 Firmware Version < 1.0.0.118
   NetgearDgn2200v4 Version-
NetgearEax80 Firmware Version < 1.0.1.64
   NetgearEax80 Version-
NetgearR6250 Firmware Version < 1.0.4.48
   NetgearR6250 Version-
NetgearR7000 Firmware Version < 1.0.11.110
   NetgearR7000 Version-
NetgearR7000p Firmware Version < 1.3.2.132
   NetgearR7000p Version-
NetgearR8000 Firmware Version < 1.0.4.62
   NetgearR8000 Version-
NetgearR8000p Firmware Version < 1.4.1.64
   NetgearR8000p Version-
NetgearR7100lg Firmware Version < 1.0.0.72
   NetgearR7100lg Version-
NetgearR7900 Firmware Version < 1.0.4.30
   NetgearR7900 Version-
NetgearR7900p Firmware Version < 1.4.1.64
   NetgearR7900p Version-
NetgearR7960p Firmware Version < 1.4.1.64
   NetgearR7960p Version-
NetgearR6900p Firmware Version < 1.3.2.132
   NetgearR6900p Version-
NetgearR6400v2 Firmware Version < 1.0.4.106
   NetgearR6400v2 Version-
NetgearR6700v3 Firmware Version < 1.0.4.106
   NetgearR6700v3 Version-
NetgearXr300 Firmware Version < 1.0.3.68
   NetgearXr300 Version-
NetgearRs400 Firmware Version < 1.5.1.80
   NetgearRs400 Version-
NetgearRax200 Firmware Version < 1.0.3.106
   NetgearRax200 Version-
NetgearRax20 Firmware Version < 1.0.2.82
   NetgearRax20 Version-
NetgearRax45 Firmware Version < 1.0.2.82
   NetgearRax45 Version-
NetgearRax80 Firmware Version < 1.0.3.106
   NetgearRax80 Version-
NetgearRax15 Firmware Version < 1.0.2.82
   NetgearRax15 Version-
NetgearRax50 Firmware Version < 1.0.2.82
   NetgearRax50 Version-
NetgearRax75 Firmware Version < 1.0.3.106
   NetgearRax75 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.29% 0.497
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
cve@mitre.org 9.6 2.8 6
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.