Vulnerability Details CVE-2021-45603
Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.6%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 2.1
References
- https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/
- https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171
- https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/
- https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171
Products affected by CVE-2021-45603
-
cpe:2.3:h:netgear:d7800:-
-
cpe:2.3:h:netgear:ex2700:-
-
cpe:2.3:h:netgear:lbr1020:-
-
cpe:2.3:h:netgear:lbr20:-
-
cpe:2.3:h:netgear:r6700ax:-
-
cpe:2.3:h:netgear:r7800:-
-
cpe:2.3:h:netgear:r8900:-
-
cpe:2.3:h:netgear:r9000:-
-
cpe:2.3:h:netgear:rax10:-
-
cpe:2.3:h:netgear:rax120v1:-
-
cpe:2.3:h:netgear:rax120v2:-
-
cpe:2.3:h:netgear:rax70:-
-
cpe:2.3:h:netgear:rax78:-
-
cpe:2.3:h:netgear:wn3000rpv2:-
-
cpe:2.3:h:netgear:wn3000rpv3:-
-
cpe:2.3:h:netgear:xr450:-
-
cpe:2.3:h:netgear:xr500:-
-
cpe:2.3:h:netgear:xr700:-
-
cpe:2.3:o:netgear:d7800_firmware:-
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.22
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.24
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.28
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.30
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.31
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.34
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.40
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.42
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.44
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.47
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.56
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.58
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.64
-
cpe:2.3:o:netgear:ex2700_firmware:-
-
cpe:2.3:o:netgear:ex2700_firmware:1.0.1.28
-
cpe:2.3:o:netgear:ex2700_firmware:1.0.1.32
-
cpe:2.3:o:netgear:ex2700_firmware:1.0.1.42
-
cpe:2.3:o:netgear:ex2700_firmware:1.0.1.48
-
cpe:2.3:o:netgear:ex2700_firmware:1.0.1.52
-
cpe:2.3:o:netgear:ex2700_firmware:1.0.1.58
-
cpe:2.3:o:netgear:lbr1020_firmware:*
-
cpe:2.3:o:netgear:lbr20_firmware:2.6.3.50
-
cpe:2.3:o:netgear:r6700ax_firmware:*
-
cpe:2.3:o:netgear:r7800_firmware:-
-
cpe:2.3:o:netgear:r7800_firmware:1.0.1.30
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.16
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.28
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.30
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.32
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.36
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.38
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.40
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.42
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.44
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.46
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.52
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.58
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.60
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.62
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.68
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.74
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.78
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.80
-
cpe:2.3:o:netgear:r8900_firmware:-
-
cpe:2.3:o:netgear:r8900_firmware:1.0.2.60
-
cpe:2.3:o:netgear:r8900_firmware:1.0.3.10
-
cpe:2.3:o:netgear:r8900_firmware:1.0.3.6
-
cpe:2.3:o:netgear:r8900_firmware:1.0.4.12
-
cpe:2.3:o:netgear:r8900_firmware:1.0.4.2
-
cpe:2.3:o:netgear:r8900_firmware:1.0.4.26
-
cpe:2.3:o:netgear:r8900_firmware:1.0.4.28
-
cpe:2.3:o:netgear:r8900_firmware:1.0.5.18
-
cpe:2.3:o:netgear:r8900_firmware:1.0.5.2
-
cpe:2.3:o:netgear:r8900_firmware:1.0.5.24
-
cpe:2.3:o:netgear:r8900_firmware:1.0.5.26
-
cpe:2.3:o:netgear:r9000_firmware:-
-
cpe:2.3:o:netgear:r9000_firmware:1.0.2.30
-
cpe:2.3:o:netgear:r9000_firmware:1.0.2.4
-
cpe:2.3:o:netgear:r9000_firmware:1.0.2.40
-
cpe:2.3:o:netgear:r9000_firmware:1.0.2.52
-
cpe:2.3:o:netgear:r9000_firmware:1.0.3.10
-
cpe:2.3:o:netgear:r9000_firmware:1.0.3.16
-
cpe:2.3:o:netgear:r9000_firmware:1.0.3.6
-
cpe:2.3:o:netgear:r9000_firmware:1.0.4.12
-
cpe:2.3:o:netgear:r9000_firmware:1.0.4.2
-
cpe:2.3:o:netgear:r9000_firmware:1.0.4.26
-
cpe:2.3:o:netgear:r9000_firmware:1.0.4.28
-
cpe:2.3:o:netgear:r9000_firmware:1.0.4.8
-
cpe:2.3:o:netgear:r9000_firmware:1.0.5.18
-
cpe:2.3:o:netgear:r9000_firmware:1.0.5.2
-
cpe:2.3:o:netgear:r9000_firmware:1.0.5.24
-
cpe:2.3:o:netgear:r9000_firmware:1.0.5.26
-
cpe:2.3:o:netgear:rax10_firmware:-
-
cpe:2.3:o:netgear:rax120v1_firmware:-
-
cpe:2.3:o:netgear:rax120v2_firmware:-
-
cpe:2.3:o:netgear:rax70_firmware:-
-
cpe:2.3:o:netgear:rax78_firmware:-
-
cpe:2.3:o:netgear:wn3000rpv2_firmware:-
-
cpe:2.3:o:netgear:wn3000rpv2_firmware:1.0.0.68
-
cpe:2.3:o:netgear:wn3000rpv2_firmware:1.0.0.78
-
cpe:2.3:o:netgear:wn3000rpv3_firmware:1.0.2.78
-
cpe:2.3:o:netgear:wn3000rpv3_firmware:1.0.2.86
-
cpe:2.3:o:netgear:xr450_firmware:-
-
cpe:2.3:o:netgear:xr450_firmware:2.3.2.114
-
cpe:2.3:o:netgear:xr450_firmware:2.3.2.32
-
cpe:2.3:o:netgear:xr450_firmware:2.3.2.40
-
cpe:2.3:o:netgear:xr450_firmware:2.3.2.66
-
cpe:2.3:o:netgear:xr500_firmware:-
-
cpe:2.3:o:netgear:xr500_firmware:2.3.2.114
-
cpe:2.3:o:netgear:xr500_firmware:2.3.2.22
-
cpe:2.3:o:netgear:xr500_firmware:2.3.2.32
-
cpe:2.3:o:netgear:xr500_firmware:2.3.2.40
-
cpe:2.3:o:netgear:xr500_firmware:2.3.2.56
-
cpe:2.3:o:netgear:xr500_firmware:2.3.2.66
-
cpe:2.3:o:netgear:xr700_firmware:-
-
cpe:2.3:o:netgear:xr700_firmware:1.0.1.10
-
cpe:2.3:o:netgear:xr700_firmware:1.0.1.20
-
cpe:2.3:o:netgear:xr700_firmware:1.0.1.34
-
cpe:2.3:o:netgear:xr700_firmware:1.0.1.36