Strix
26.1K

CVE-2021-45642

HIGHCVSS 7.2/10EPSS 0.94%

Last modified

CVE-2021-45642 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.64, EX6250 before 1.0.0.134, EX7700 before 1.0.0.222, LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, R8900 before 1.0.5.26, R9000 before 1.0.5.26, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.36, EX7320 before 1.0.0.134, RAX120 before 1.2.2.24, EX7300v2 before 1.0.0.134, RAX120v2 before 1.2.2.24, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.. EPSS estimates a 0.94% chance of exploitation in the next 30 days.

Description

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.64, EX6250 before 1.0.0.134, EX7700 before 1.0.0.222, LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, R8900 before 1.0.5.26, R9000 before 1.0.5.26, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.36, EX7320 before 1.0.0.134, RAX120 before 1.2.2.24, EX7300v2 before 1.0.0.134, RAX120v2 before 1.2.2.24, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.

Metrics

CVSS 3.1
7.2/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.94%

56.4th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
NetgearD7800 Firmware< 1.0.1.64
NetgearEx6250 Firmware< 1.0.0.134
NetgearEx7700 Firmware< 1.0.0.222
NetgearLbr20 Firmware< 2.6.3.50
NetgearRbs50y Firmware< 2.7.3.22
NetgearRbs50 Firmware< 2.7.3.22
NetgearRbs20 Firmware< 2.7.3.22
NetgearRbs10 Firmware< 2.7.3.22
NetgearRbs40 Firmware< 2.7.3.22
NetgearR8900 Firmware< 1.0.5.26
NetgearR9000 Firmware< 1.0.5.26
NetgearXr450 Firmware< 2.3.2.66
NetgearXr500 Firmware< 2.3.2.66
NetgearXr700 Firmware< 1.0.1.36
NetgearEx7320 Firmware< 1.0.0.134
NetgearRax120 Firmware< 1.2.2.24
NetgearEx7300v2 Firmware< 1.0.0.134
NetgearRax120v2 Firmware< 1.2.2.24
NetgearEx6410 Firmware< 1.0.0.134
NetgearEx6420 Firmware< 1.0.0.134
NetgearEx6400v2 Firmware< 1.0.0.134
NetgearRbr10 Firmware< 2.7.3.22
NetgearRbr20 Firmware< 2.7.3.22
NetgearRbr40 Firmware< 2.7.3.22
NetgearRbr50 Firmware< 2.7.3.22
NetgearRbk12 Firmware< 2.7.3.22
NetgearRbk20 Firmware< 2.7.3.22
NetgearRbk40 Firmware< 2.7.3.22
NetgearRbk50 Firmware< 2.7.3.22

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-45642?
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.64, EX6250 before 1.0.0.134, EX7700 before 1.0.0.222, LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, R8900 before 1.0.5.26, R9000 before 1.0.5.26, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.36, EX7320 before 1.0.0.134, RAX120 before 1.2.2.24, EX7300v2 before 1.0.0.134, RAX120v2 before 1.2.2.24, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.
How severe is CVE-2021-45642?
CVE-2021-45642 has a CVSS score of 7.2/10 (HIGH severity). The EPSS model estimates a 0.94% probability of exploitation in the next 30 days.
How do I fix CVE-2021-45642?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-45642?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST