Login Sign Up

CVE-2021-45642

7.5 HIGH
Authentication Bypass

📋 TL;DR

This CVE affects multiple NETGEAR routers, extenders, and WiFi systems due to incorrect security configuration settings. The vulnerability could allow attackers to bypass security controls or gain unauthorized access to network devices. Users with affected NETGEAR devices running vulnerable firmware versions are at risk.

💻 Affected Systems

Products:
  • NETGEAR D7800
  • EX6250
  • EX7700
  • LBR20
  • RBS50Y
  • R8900
  • R9000
  • XR450
  • XR500
  • XR700
  • EX7320
  • RAX120
  • EX7300v2
  • RAX120v2
  • EX6410
  • RBR10
  • RBR20
  • RBR40
  • RBR50
  • EX6420
  • RBS10
  • RBS20
  • RBS40
  • RBS50
  • EX6400v2
  • RBK12
  • RBK20
  • RBK40
  • RBK50
Versions: See CVE description for specific vulnerable versions per device
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects specific firmware versions across multiple NETGEAR product lines including routers, extenders, and mesh WiFi systems

📦 What is this software?

D7800 Firmware by Netgear

View all CVEs affecting D7800 Firmware →

Ex6250 Firmware by Netgear

View all CVEs affecting Ex6250 Firmware →

Ex6400v2 Firmware by Netgear

View all CVEs affecting Ex6400v2 Firmware →

Ex6410 Firmware by Netgear

View all CVEs affecting Ex6410 Firmware →

Ex6420 Firmware by Netgear

View all CVEs affecting Ex6420 Firmware →

Ex7300v2 Firmware by Netgear

View all CVEs affecting Ex7300v2 Firmware →

Ex7320 Firmware by Netgear

View all CVEs affecting Ex7320 Firmware →

Ex7700 Firmware by Netgear

View all CVEs affecting Ex7700 Firmware →

Lbr20 Firmware by Netgear

View all CVEs affecting Lbr20 Firmware →

R8900 Firmware by Netgear

View all CVEs affecting R8900 Firmware →

R9000 Firmware by Netgear

View all CVEs affecting R9000 Firmware →

Rax120 Firmware by Netgear

View all CVEs affecting Rax120 Firmware →

Rax120v2 Firmware by Netgear

View all CVEs affecting Rax120v2 Firmware →

Rbk12 Firmware by Netgear

View all CVEs affecting Rbk12 Firmware →

Rbk20 Firmware by Netgear

View all CVEs affecting Rbk20 Firmware →

Rbk40 Firmware by Netgear

View all CVEs affecting Rbk40 Firmware →

Rbk50 Firmware by Netgear

View all CVEs affecting Rbk50 Firmware →

Rbr10 Firmware by Netgear

View all CVEs affecting Rbr10 Firmware →

Rbr20 Firmware by Netgear

View all CVEs affecting Rbr20 Firmware →

Rbr40 Firmware by Netgear

View all CVEs affecting Rbr40 Firmware →

Rbr50 Firmware by Netgear

View all CVEs affecting Rbr50 Firmware →

Rbs10 Firmware by Netgear

View all CVEs affecting Rbs10 Firmware →

Rbs20 Firmware by Netgear

View all CVEs affecting Rbs20 Firmware →

Rbs40 Firmware by Netgear

View all CVEs affecting Rbs40 Firmware →

Rbs50 Firmware by Netgear

View all CVEs affecting Rbs50 Firmware →

Rbs50y Firmware by Netgear

View all CVEs affecting Rbs50y Firmware →

Xr450 Firmware by Netgear

View all CVEs affecting Xr450 Firmware →

Xr500 Firmware by Netgear

View all CVEs affecting Xr500 Firmware →

Xr700 Firmware by Netgear

View all CVEs affecting Xr700 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of network device allowing attacker to intercept traffic, modify configurations, or use device as pivot point into internal network

🟠

Likely Case

Unauthorized access to device management interface leading to configuration changes or network disruption

🟢

If Mitigated

Minimal impact if device is behind firewall with restricted management access and proper network segmentation

🌐 Internet-Facing: HIGH - Directly exposed devices could be exploited remotely without authentication
🏢 Internal Only: MEDIUM - Internal attackers or malware could exploit the vulnerability to pivot within network

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Security misconfiguration vulnerabilities typically have low exploitation complexity, especially when affecting default configurations

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: See NETGEAR advisory for specific fixed versions per device model

Vendor Advisory: https://kb.netgear.com/000064491/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0427

Restart Required: Yes

Instructions:

1. Identify your NETGEAR device model. 2. Check current firmware version in web interface. 3. Visit NETGEAR support site for your model. 4. Download latest firmware version. 5. Upload via web interface. 6. Wait for automatic reboot.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to device management interface

Restrict management access

all

Limit management interface access to specific trusted IP addresses only

🧯 If You Can't Patch

  • Isolate affected devices in separate VLAN with strict firewall rules
  • Implement network monitoring for suspicious access attempts to device management interfaces

🔍 How to Verify

Check if Vulnerable:

1. Access NETGEAR web interface. 2. Navigate to Advanced > Administration > Firmware Update. 3. Compare current version with vulnerable versions listed in advisory.

Check Version:

No CLI command - check via web interface at Advanced > Administration > Firmware Update

Verify Fix Applied:

Confirm firmware version matches or exceeds fixed versions specified in NETGEAR advisory for your device model

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to router management interface
  • Unexpected configuration changes
  • Multiple failed login attempts

Network Indicators:

  • Unusual traffic patterns from router to external IPs
  • Management interface access from unexpected sources

SIEM Query:

source="router_logs" AND (event="login_failed" OR event="configuration_change")

📊 Metadata

CVE ID: CVE-2021-45642
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L
Published: December 26, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON