{"id": "CVE-2021-45611", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}]}, "published": "2021-12-26T01:15:18.223", "references": [{"url": "https://kb.netgear.com/000064488/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0323", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects DC112A before 1.0.0.52, R6400 before 1.0.1.68, RAX200 before 1.0.3.106, WNDR3400v3 before 1.0.1.38, XR300 before 1.0.3.68, R8500 before 1.0.2.144, RAX75 before 1.0.3.106, R8300 before 1.0.2.144, and RAX80 before 1.0.3.106."}, {"lang": "es", "value": "Determinados dispositivos NETGEAR est\u00e1n afectados por un desbordamiento del b\u00fafer por parte de un atacante no autenticado. Esto afecta a DC112A versiones anteriores a 1.0.0.52, a R6400 versiones anteriores a 1.0.1.68, a RAX200 versiones anteriores a 1.0.3.106, al WNDR3400v3 versiones anteriores a 1.0.1.38, al XR300 versiones anteriores a 1.0.3.68, a R8500 versiones anteriores a 1.0.2.144, a RAX75 versiones anteriores a 1.0.3.106, a R8300 versiones anteriores a 1.0.2.144 y a RAX80 versiones anteriores a 1.0.3.106"}], "lastModified": "2022-01-07T21:18:38.357", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F87FFC46-137D-45B8-B437-F15565FB33D0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:dc112a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C2A36A0-299B-4F7A-80DC-4E7470DB90A3", "versionEndExcluding": "1.0.0.52"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "930E739E-EFDC-49AB-9155-A71C2B25FCD6", "versionEndExcluding": "1.0.1.68"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7A9B77E7-7439-48C6-989F-5E22CB4D3044"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60634A15-B02A-4C33-A1A4-F6340CFD6B8B", "versionEndExcluding": "1.0.2.144"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8E565CF-8408-4502-97BD-01CEF15D0744", "versionEndExcluding": "1.0.2.144"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wndr3400v3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "37F227D8-332F-4D24-BAEA-AA5DB3E3EC95"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wndr3400v3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74D56916-196C-4D97-8228-43652B9FCABE", "versionEndExcluding": "1.0.1.38"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5590CF28-B88A-4755-904B-1BC1778FBEDD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AE70236-D1C6-4B58-8385-1FA5F71916AF", "versionEndExcluding": "1.0.3.68"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04513F08-329D-446F-A356-29074C1C0BEA", "versionEndExcluding": "1.0.3.106"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0318AD0-52A7-490F-94C1-D07C97370D2C", "versionEndExcluding": "1.0.3.106"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34D7AF28-F117-4E31-AED8-A3179B1BE182", "versionEndExcluding": "1.0.3.106"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}
