CVE-2021-45648

EPSS 0.31%
Veröffentlicht 26.12.2021 01:15:20
Zuletzt bearbeitet 21.11.2024 06:32:46
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EX6100v2 before 1.0.1.106, EX6150v2 before 1.0.1.106, EX6250 before 1.0.0.146, EX6400 before 1.0.2.164, EX6400v2 before 1.0.0.146, EX6410 before 1.0.0.146, EX6420 before 1.0.0.146, EX7300 before 1.0.2.164, EX7300v2 before 1.0.0.146, EX7320 before 1.0.0.146, EX7700 before 1.0.0.222, LBR1020 before 2.6.5.16, LBR20 before 2.6.5.2, RBK352 before 4.3.4.7, RBK50 before 2.7.3.22, RBR350 before 4.3.4.7, RBR50 before 2.7.3.22, and RBS350 before 4.3.4.7.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netgear ≫ Ex6100v2 Firmware Version < 1.0.1.106

Netgear ≫ Ex6100v2 Version-

Netgear ≫ Ex6150v2 Firmware Version < 1.0.1.106

Netgear ≫ Ex6150v2 Version-

Netgear ≫ Ex6250 Firmware Version < 1.0.0.146

Netgear ≫ Ex6250 Version-

Netgear ≫ Ex6400 Firmware Version < 1.0.2.164

Netgear ≫ Ex6400 Version-

Netgear ≫ Ex6400v2 Firmware Version < 1.0.0.146

Netgear ≫ Ex6400v2 Version-

Netgear ≫ Ex6410 Firmware Version < 1.0.0.146

Netgear ≫ Ex6410 Version-

Netgear ≫ Ex6420 Firmware Version < 1.0.0.146

Netgear ≫ Ex6420 Version-

Netgear ≫ Ex7300 Firmware Version < 1.0.2.164

Netgear ≫ Ex7300 Version-

Netgear ≫ Ex7300v2 Firmware Version < 1.0.0.146

Netgear ≫ Ex7300v2 Version-

Netgear ≫ Ex7320 Firmware Version < 1.0.0.146

Netgear ≫ Ex7320 Version-

Netgear ≫ Ex7700 Firmware Version < 1.0.0.222

Netgear ≫ Ex7700 Version-

Netgear ≫ Lbr1020 Firmware Version < 2.6.5.16

Netgear ≫ Lbr1020 Version-

Netgear ≫ Lbr20 Firmware Version < 2.6.5.2

Netgear ≫ Lbr20 Version-

Netgear ≫ Rbk352 Firmware Version < 4.3.4.7

Netgear ≫ Rbk352 Version-

Netgear ≫ Rbk50 Firmware Version < 2.7.3.22

Netgear ≫ Rbk50 Version-

Netgear ≫ Rbr350 Firmware Version < 4.3.4.7

Netgear ≫ Rbr350 Version-

Netgear ≫ Rbr50 Firmware Version < 2.7.3.22

Netgear ≫ Rbr50 Version-

Netgear ≫ Rbs350 Firmware Version < 4.3.4.7

Netgear ≫ Rbs350 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.508

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
cve@mitre.org	3.1	1.6	1.4	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://kb.netgear.com/000064494/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0453

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-45648

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-45648

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-45648

EUVD