First published: Sun Dec 26 2021(Updated: )
Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netgear D7800 Firmware | <1.0.1.66 | |
Netgear D7800 | ||
Netgear Ex2700 Firmware | <1.0.1.68 | |
Netgear Ex2700 | ||
Netgear Wn3000rpv2 Firmware | <1.0.0.90 | |
Netgear Wn3000rpv2 | ||
Netgear Wn3000rpv3 Firmware | <1.0.2.100 | |
Netgear Wn3000rpv3 | ||
Netgear Lbr1020 Firmware | <2.6.5.20 | |
Netgear Lbr1020 | ||
Netgear Lbr20 Firmware | <2.6.5.32 | |
Netgear Lbr20 | ||
Netgear R6700ax Firmware | <1.0.10.110 | |
Netgear R6700ax | ||
NETGEAR R7800 firmware | <1.0.2.86 | |
NETGEAR R7800 | ||
Netgear R8900 Firmware | <1.0.5.38 | |
NETGEAR R8900 | ||
Netgear R9000 Firmware | <1.0.5.38 | |
NETGEAR R9000 | ||
Netgear Rax10 Firmware | <1.0.10.110 | |
Netgear Rax10 | ||
Netgear Rax120v1 Firmware | <1.2.3.28 | |
Netgear Rax120v1 | ||
Netgear Rax120v2 Firmware | <1.2.3.28 | |
Netgear Rax120v2 | ||
Netgear Rax70 Firmware | <1.0.10.110 | |
Netgear Rax70 | ||
Netgear Rax78 Firmware | <1.0.10.110 | |
Netgear Rax78 | ||
NETGEAR R7800 | <2.3.2.130 | |
NETGEAR R7800 | ||
Netgear Xr500 Firmware | <2.3.2.130 | |
NETGEAR XR500 | ||
Netgear Xr700 Firmware | <1.0.1.46 | |
Netgear Xr700 | ||
All of | ||
Netgear D7800 Firmware | <1.0.1.66 | |
Netgear D7800 | ||
All of | ||
Netgear Ex2700 Firmware | <1.0.1.68 | |
Netgear Ex2700 | ||
All of | ||
Netgear Wn3000rpv2 Firmware | <1.0.0.90 | |
Netgear Wn3000rpv2 | ||
All of | ||
Netgear Wn3000rpv3 Firmware | <1.0.2.100 | |
Netgear Wn3000rpv3 | ||
All of | ||
Netgear Lbr1020 Firmware | <2.6.5.20 | |
Netgear Lbr1020 | ||
All of | ||
Netgear Lbr20 Firmware | <2.6.5.32 | |
Netgear Lbr20 | ||
All of | ||
Netgear R6700ax Firmware | <1.0.10.110 | |
Netgear R6700ax | ||
All of | ||
NETGEAR R7800 firmware | <1.0.2.86 | |
NETGEAR R7800 | ||
All of | ||
Netgear R8900 Firmware | <1.0.5.38 | |
NETGEAR R8900 | ||
All of | ||
Netgear R9000 Firmware | <1.0.5.38 | |
NETGEAR R9000 | ||
All of | ||
Netgear Rax10 Firmware | <1.0.10.110 | |
Netgear Rax10 | ||
All of | ||
Netgear Rax120v1 Firmware | <1.2.3.28 | |
Netgear Rax120v1 | ||
All of | ||
Netgear Rax120v2 Firmware | <1.2.3.28 | |
Netgear Rax120v2 | ||
All of | ||
Netgear Rax70 Firmware | <1.0.10.110 | |
Netgear Rax70 | ||
All of | ||
Netgear Rax78 Firmware | <1.0.10.110 | |
Netgear Rax78 | ||
All of | ||
Netgear Xr450 Firmware | <2.3.2.130 | |
Netgear Xr450 | ||
All of | ||
Netgear Xr500 Firmware | <2.3.2.130 | |
NETGEAR XR500 | ||
All of | ||
Netgear Xr700 Firmware | <1.0.1.46 | |
Netgear Xr700 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this NETGEAR vulnerability is CVE-2021-45603.
The severity level of CVE-2021-45603 is medium (5.5).
Devices affected by CVE-2021-45603 include NETGEAR D7800, EX2700, WN3000RPv2, and WN3000RPv3.
CVE-2021-45603 allows disclosure of sensitive information and can be used for a password reset.
Yes, NETGEAR has released firmware updates to address CVE-2021-45603, please refer to the NETGEAR advisory for more information.