Severity.io | CVE-2021-29074

Description

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

Related CPE's

o netgear rbw30_firmware ********

h netgear rbw30 -*******

o netgear rbk852_firmware ********

h netgear rbk852 -*******

o netgear rbk853_firmware ********

h netgear rbk853 -*******

o netgear rbk854_firmware ********

h netgear rbk854 -*******

o netgear rbr850_firmware ********

h netgear rbr850 -*******

References

https://kb.netgear.com/000063011/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-WiFi-Routers-PSV-2020-0467

Vendor Advisory

CvssV3 impact

Version	3.1
VectorString	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AttackVector	ADJACENT_NETWORK
AttackComplexity	LOW
PrivilegesRequired	HIGH
UserInteraction	NONE
Scope	CHANGED
ConfidentialityImpact	HIGH
IntegrityImpact	HIGH
AvailabilityImpact	HIGH
BaseScore	8.4
BaseSeverity	HIGH

CvssV2 impact

Version	2.0
VectorString	AV:A/AC:L/Au:S/C:P/I:P/A:P
AccessVector	ADJACENT_NETWORK
AccessComplexity	LOW
Authentication	SINGLE
ConfidentialityImpact	PARTIAL
IntegrityImpact	PARTIAL
AvailabilityImpact	PARTIAL
BaseScore	5.2