Severity.io | CVE-2021-29073

Description

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8000P before 1.4.1.66, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, R7960P before 1.4.1.66, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, and RAX200 before 1.0.3.106.

Related CPE's

o netgear r8000p_firmware ********

h netgear r8000p -*******

o netgear mk62_firmware ********

h netgear mk62 -*******

o netgear mr60_firmware ********

h netgear mr60 -*******

o netgear ms60_firmware ********

h netgear ms60 -*******

o netgear r7960p_firmware ********

h netgear r7960p -*******

References

https://kb.netgear.com/000063013/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2020-0212

Vendor Advisory

CvssV3 impact

Version	3.1
VectorString	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AttackVector	ADJACENT_NETWORK
AttackComplexity	LOW
PrivilegesRequired	HIGH
UserInteraction	NONE
Scope	CHANGED
ConfidentialityImpact	HIGH
IntegrityImpact	HIGH
AvailabilityImpact	HIGH
BaseScore	8.4
BaseSeverity	HIGH

CvssV2 impact

Version	2.0
VectorString	AV:A/AC:L/Au:S/C:P/I:P/A:P
AccessVector	ADJACENT_NETWORK
AccessComplexity	LOW
Authentication	SINGLE
ConfidentialityImpact	PARTIAL
IntegrityImpact	PARTIAL
AvailabilityImpact	PARTIAL
BaseScore	5.2