CVE-2021-45609

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6250 before 1.0.4.48, R7000 before 1.0.11.116, R7100LG before 1.0.0.64, R7900 before 1.0.4.38, R8300 before 1.0.2.144, R8500 before 1.0.2.144, XR300 before 1.0.3.68, R7000P before 1.3.2.132, and R6900P before 1.3.2.132.

Published: Dec 26, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-45609
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-120

Affected Software
References

Software	From	Fixed in
netgear / d8500_firmware	-	1.0.3.58
netgear / r6250_firmware	-	1.0.4.48
netgear / r7000_firmware	-	1.0.11.116
netgear / r7000p_firmware	-	1.3.2.132
netgear / r6900p_firmware	-	1.3.2.132
netgear / r7900_firmware	-	1.0.4.38
netgear / r8300_firmware	-	1.0.2.144
netgear / r8500_firmware	-	1.0.2.144
netgear / r7100lg_firmware	-	1.0.0.64
netgear / xr300_firmware	-	1.0.3.68

https://kb.netgear.com/000064483/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0274

Vulnerability Database

289,697

CVE-2021-45609