CRITICAL✓ PATCH🇬🇧 English

CVE-2021-38516

CVSS 10.0v3.1pub. 2021-08-11upd. 2024-11-21

Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 before 1.0.0.108, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.40, R6850 before 1.1.0.40, R6350 before 1.1.0.40, R6400v2 before 1.0.2.62, R6700v3 before 1.0.2.62, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7000 before 1.0.9.34, R6900P before 1.3.1.44, R7000P before 1.3.1.44, R7100LG before 1.0.0.48, R7200 before 1.2.0.48, R7350 before 1.2.0.48, R7400 before 1.2.0.48, R7450 before 1.2.0.36, AC2100 before 1.2.0.36, AC2400 before 1.2.0.36, AC2600 before 1.2.0.36, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, R7900 before 1.0.3.8, R7960P before 1.4.1.44, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RAX120 before 1.0.0.74, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, WNR3500Lv2 before 1.2.0.56, XR450 before 2.3.2.32, and XR500 before 2.3.2.32.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Netgear Ac2100

    HW
    Netgear
    wszystkie wersje
  • Netgear Ac2100 Firmware

    OS
    Netgear
    < 1.2.0.36
  • Netgear Ac2400

    HW
    Netgear
    wszystkie wersje
  • Netgear Ac2400 Firmware

    OS
    Netgear
    < 1.2.0.36
  • Netgear Ac2600

    HW
    Netgear
    wszystkie wersje
  • Netgear Ac2600 Firmware

    OS
    Netgear
    < 1.2.0.36
  • Netgear D6220

    HW
    Netgear
    wszystkie wersje
  • Netgear D6220 Firmware

    OS
    Netgear
    < 1.0.0.48
  • Netgear D6400

    HW
    Netgear
    wszystkie wersje
  • Netgear D6400 Firmware

    OS
    Netgear
    < 1.0.0.82
  • Netgear D7000

    HW
    Netgear
    v2
  • Netgear D7000 Firmware

    OS
    Netgear
    < 1.0.0.52
  • Netgear D7800

    HW
    Netgear
    wszystkie wersje
  • Netgear D7800 Firmware

    OS
    Netgear
    < 1.0.1.44
  • Netgear D8500

    HW
    Netgear
    wszystkie wersje
  • Netgear D8500 Firmware

    OS
    Netgear
    < 1.0.3.43
  • Netgear Dc112a

    HW
    Netgear
    wszystkie wersje
  • Netgear Dc112a Firmware

    OS
    Netgear
    < 1.0.0.40
  • Netgear Dgn2200

    HW
    Netgear
    v4
  • Netgear Dgn2200 Firmware

    OS
    Netgear
    < 1.0.0.108
  • Netgear R6020

    HW
    Netgear
    wszystkie wersje
  • Netgear R6020 Firmware

    OS
    Netgear
    < 1.0.0.34
  • Netgear R6080

    HW
    Netgear
    wszystkie wersje
  • Netgear R6080 Firmware

    OS
    Netgear
    < 1.0.0.34
  • Netgear R6120

    HW
    Netgear
    wszystkie wersje
  • Netgear R6120 Firmware

    OS
    Netgear
    < 1.0.0.44
  • Netgear R6220

    HW
    Netgear
    wszystkie wersje
  • Netgear R6220 Firmware

    OS
    Netgear
    < 1.1.0.80
  • Netgear R6230

    HW
    Netgear
    wszystkie wersje
  • Netgear R6230 Firmware

    OS
    Netgear
    < 1.1.0.80
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2017-6077CRITICAL9.8⚠ KEVten sam produkt

ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execu...

CVE-2016-10174CRITICAL9.8⚠ KEVten sam produkt

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL...

CVE-2025-28219CRITICAL9.8PL ✓ten sam produkt

OS command injection w Netgear DC112A — zdalne wykonanie poleceń

CVE-2024-30568CRITICAL9.8PL ✓ten sam produkt

Command injection w Netgear R6850 poprzez parametr c4-IPAddr

CVE-2023-36187CRITICAL9.8ten sam produkt

Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attac...