Severity.io | CVE-2021-29082

Description

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBW30 before 2.6.1.4, RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBK754 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK854 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Related CPE's

o netgear rbw30_firmware ********

h netgear rbw30 -*******

o netgear rbs40v_firmware ********

h netgear rbs40v -*******

o netgear rbk752_firmware ********

h netgear rbk752 -*******

o netgear rbk753_firmware ********

h netgear rbk753 -*******

o netgear rbk753s_firmware ********

h netgear rbk753s -*******

References

https://kb.netgear.com/000063005/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-WiFi-Systems-PSV-2020-0037

Vendor Advisory

CvssV3 impact

Version	3.1
VectorString	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
AttackVector	ADJACENT_NETWORK
AttackComplexity	LOW
PrivilegesRequired	NONE
UserInteraction	NONE
Scope	CHANGED
ConfidentialityImpact	HIGH
IntegrityImpact	LOW
AvailabilityImpact	LOW
BaseScore	8.8
BaseSeverity	HIGH

CvssV2 impact

Version	2.0
VectorString	AV:A/AC:L/Au:N/C:P/I:N/A:N
AccessVector	ADJACENT_NETWORK
AccessComplexity	LOW
Authentication	NONE
ConfidentialityImpact	PARTIAL
IntegrityImpact	NONE
AvailabilityImpact	NONE
BaseScore	3.3