Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-45608

Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Remote code execution from the WAN interface (TCP port 20005) cannot be ruled out; however, exploitability was judged to be of "rather significant complexity" but not "impossible." The overflow is in SoftwareBus_dispatchNormalEPMsgOut in the KCodes NetUSB kernel module. Affected NETGEAR devices are D7800 before 1.0.1.68, R6400v2 before 1.0.4.122, and R6700v3 before 1.0.4.122.

Published

2021-12-26T01:15:18.083

Last Modified

2024-11-21T06:32:39.413

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-190
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System netgear d7800_firmware < 1.0.1.68 Yes
Hardware netgear d7800 - No
Operating System netgear r6400v2_firmware < 1.0.4.122 Yes
Hardware netgear r6400v2 - No
Operating System netgear r6700v3_firmware < 1.0.4.122 Yes
Hardware netgear r6700v3 - No
References