CVE-2021-45611

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects DC112A before 1.0.0.52, R6400 before 1.0.1.68, RAX200 before 1.0.3.106, WNDR3400v3 before 1.0.1.38, XR300 before 1.0.3.68, R8500 before 1.0.2.144, RAX75 before 1.0.3.106, R8300 before 1.0.2.144, and RAX80 before 1.0.3.106.

Published: Dec 26, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-45611
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-120

Affected Software
References

Software	From	Fixed in
netgear / dc112a_firmware	-	1.0.0.52
netgear / r6400_firmware	-	1.0.1.68
netgear / r8300_firmware	-	1.0.2.144
netgear / r8500_firmware	-	1.0.2.144
netgear / wndr3400v3_firmware	-	1.0.1.38
netgear / xr300_firmware	-	1.0.3.68
netgear / rax200_firmware	-	1.0.3.106
netgear / rax75_firmware	-	1.0.3.106
netgear / rax80_firmware	-	1.0.3.106

https://kb.netgear.com/000064488/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0323

Vulnerability Database

289,697

CVE-2021-45611