CVE-2021-45504 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2021-45504

Analyzed

More Info Official Page

Source-cve@mitre.org

Published At-26 Dec, 2021 | 01:15

Updated At-12 Jul, 2022 | 17:42

Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	9.6	CRITICAL	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 9.6

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

>>cbr40_firmware>>Versions before 2.5.0.24(exclusive)

cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*

>>cbr40>>-

cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*

>>cbr750_firmware>>Versions before 4.6.3.6(exclusive)

cpe:2.3:o:netgear:cbr750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:cbr750:-:*:*:*:*:*:*:*

>>rbr850_firmware>>Versions before 3.2.17.12(exclusive)

cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*

>>rbr852_firmware>>Versions before 3.2.17.12(exclusive)

cpe:2.3:o:netgear:rbr852_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr852:-:*:*:*:*:*:*:*

>>rbs850_firmware>>Versions before 3.2.17.12(exclusive)

cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://kb.netgear.com/000064128/Security-Advisory-for-Authentication-Bypass-on-Some-WiFi-Systems-PSV-2020-0475	cve@mitre.org	Patch Vendor Advisory

Hyperlink: https://kb.netgear.com/000064128/Security-Advisory-for-Authentication-Bypass-on-Some-WiFi-Systems-PSV-2020-0475

Source: cve@mitre.org

Resource:

Patch

Vendor Advisory