CVE-2021-45603

Published Dec 26, 2021
Last updated 3 years ago
CVSS medium 5.5
Overview

Description: Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-200
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBB7728E-4535-4A67-9F8F-3CD4FE29C4A9",
            "versionEndExcluding": "1.0.1.66"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DA2D4987-3726-4A72-8D32-592F59FAC46D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "110B4669-7AA6-4444-BFEF-9F7DF5C40D0B",
            "versionEndExcluding": "1.0.1.68"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5341B659-DE7D-43F1-954D-82049CBE18AD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:wn3000rpv2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7305D0F-6995-411B-BDF6-106102C717AB",
            "versionEndExcluding": "1.0.0.90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:wn3000rpv2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "50BC8FA2-F9D5-4286-97DD-BD2A55EA234D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:wn3000rpv3_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28C0758E-2793-4342-AEA0-DA7F49C4A38E",
            "versionEndExcluding": "1.0.2.100"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:wn3000rpv3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "958243A2-6829-464F-80EA-7DD5B6F0DD7A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05E6F6DD-5CC6-426B-92F5-34B9A8525810",
            "versionEndExcluding": "2.6.5.20"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "953F0743-4B34-4CE9-815E-D87253720CBE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AAD88A5-E90E-4A96-BE01-DF14ADC44881",
            "versionEndExcluding": "2.6.5.32"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r6700ax_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C65624DD-9DDF-4167-89D9-8629587082A6",
            "versionEndExcluding": "1.0.10.110"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r6700ax:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F9B37178-0C67-4EF0-A9B8-5BB5B9DBFB8F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76FAB8C7-79BA-4592-AF47-198D3EE48DCF",
            "versionEndExcluding": "1.0.2.86"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "17CF7445-6950-45FE-9D1A-E23F63316329"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13593203-FB80-4BDA-96CC-AAE5C33E560A",
            "versionEndExcluding": "1.0.5.38"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0F859165-8D89-4CDD-9D48-9C7923D2261F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D90EEE2-4D7C-46ED-9DF4-C232F30D97ED",
            "versionEndExcluding": "1.0.5.38"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rax10_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB930C5E-4232-4212-AFEB-A4D0904F2B22",
            "versionEndExcluding": "1.0.10.110"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rax10:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1742F1BB-3D78-4E5E-9479-6614A56B4700"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rax120v1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E370208B-8A35-4F76-8C79-BD5F1ABECA4D",
            "versionEndExcluding": "1.2.3.28"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rax120v1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "774148F4-42EA-4F2A-98AB-1511DAB5774A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rax120v2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91CED146-E9DC-4F73-A2CF-A6D78F29D0F7",
            "versionEndExcluding": "1.2.3.28"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rax120v2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "50D741E6-43F9-4BDC-B1A4-281AC73A7C19"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rax70_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE615E08-904D-4DD5-835F-CE48B6D87650",
            "versionEndExcluding": "1.0.10.110"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rax70:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AE1314C3-4950-4F5A-9900-789710CE7F98"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rax78_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4940E3E-2320-4B73-B5DB-DDB7BE410EF0",
            "versionEndExcluding": "1.0.10.110"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rax78:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EABDFEEF-228C-429E-9B80-B6A0CA7D5AA9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1EC1DFC6-B5A7-486B-BD50-BB79B3FF368A",
            "versionEndExcluding": "2.3.2.130"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E50B1D80-6C4A-488D-8CAC-638DFFE23E6F",
            "versionEndExcluding": "2.3.2.130"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3539C94-0B31-48FC-A432-3DC3E4E0CBBC",
            "versionEndExcluding": "1.0.1.46"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E12892C8-5E01-49A6-BF47-09D630377093"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
