CVE-2021-45645

8.2 HIGH

📋 TL;DR

This CVE describes a security misconfiguration vulnerability in multiple NETGEAR WiFi systems that could allow attackers to bypass security controls. Affected users include those running specific NETGEAR Orbi, Nighthawk, and other WiFi system models with firmware versions below the patched releases.

💻 Affected Systems

Products:
  • NETGEAR RBS50Y
  • NETGEAR SRK60
  • NETGEAR SRR60
  • NETGEAR SRS60
  • NETGEAR SXK30
  • NETGEAR SXR30
  • NETGEAR SXS30
  • NETGEAR SRC60
Versions: RBS50Y before 2.7.0.122, SRK60 before 2.7.0.122, SRR60 before 2.7.0.122, SRS60 before 2.7.0.122, SXK30 before 3.2.33.108, SXR30 before 3.2.33.108, SXS30 before 3.2.33.108, SRC60 before 2.7.0.122
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects specific NETGEAR WiFi systems including Orbi and Nighthawk models. The vulnerability exists in the default configuration of these devices.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the WiFi system allowing attackers to intercept network traffic, modify device settings, or use the device as an entry point to the internal network.

🟠

Likely Case

Unauthorized access to administrative functions or exposure of sensitive network configuration information.

🟢

If Mitigated

Minimal impact with proper network segmentation and updated firmware.

🌐 Internet-Facing: HIGH - WiFi systems are typically internet-facing and misconfigurations could be remotely exploitable.
🏢 Internal Only: MEDIUM - Even if not directly internet-facing, compromised internal devices could pivot to other network resources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Security misconfigurations typically have low exploitation complexity. No public exploit code has been identified, but misconfigurations are often easily discoverable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: RBS50Y/SRK60/SRR60/SRS60/SRC60: 2.7.0.122 or later; SXK30/SXR30/SXS30: 3.2.33.108 or later

Vendor Advisory: https://kb.netgear.com/000064530/Security-Advisory-for-Security-Misconfiguration-on-Some-WiFi-Systems-PSV-2021-0127

Restart Required: Yes

Instructions:

1. Log into the NETGEAR router admin interface.
2. Navigate to Advanced > Administration > Firmware Update.
3. Check for updates and apply if available.
4. Alternatively, download the firmware from the NETGEAR support site and upload it manually.
5. Reboot the device after the update completes.

🔧 Temporary Workarounds

Network Segmentation (applies to: all affected models)

Isolate affected WiFi systems from critical network segments using VLANs or separate physical networks.

Access Control Restrictions (applies to: all affected models)

Restrict administrative access to trusted IP addresses only through firewall rules.

🧯 If You Can't Patch

  • Replace affected devices with updated models or different vendors
  • Implement strict network monitoring and anomaly detection for traffic to/from affected devices

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin interface under Advanced > Administration > Firmware Update or Status page.

Check Version:

No CLI command available - check via web admin interface

Verify Fix Applied:

Verify firmware version shows 2.7.0.122 or later for RBS50Y/SRK60/SRR60/SRS60/SRC60, or 3.2.33.108 or later for SXK30/SXR30/SXS30.
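The version check above can be scripted for an inventory of devices. The following is an added example, not part of the advisory or NETGEAR's tooling; it encodes the patched releases listed on this page and assumes firmware strings are dotted numerics with an optional leading "V" (a constructed sample inventory is used for illustration).

```python
"""Offline firmware-version check for CVE-2021-45645 affected NETGEAR models."""
import re
from typing import Optional, Tuple

# Patched firmware per model, taken from the advisory's "Versions" list.
PATCHED_VERSION = {
    "RBS50Y": "2.7.0.122",
    "SRK60": "2.7.0.122",
    "SRR60": "2.7.0.122",
    "SRS60": "2.7.0.122",
    "SRC60": "2.7.0.122",
    "SXK30": "3.2.33.108",
    "SXR30": "3.2.33.108",
    "SXS30": "3.2.33.108",
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a firmware string such as 'V2.7.0.120' into a comparable tuple.

    Assumption: an optional leading 'V' may be shown on the admin page;
    anything after the dotted numeric part is ignored.
    """
    match = re.match(r"\s*[vV]?(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(model: str, firmware: str) -> Optional[bool]:
    """True if the firmware is older than the patched release for the model,
    False if patched, None if the model is not on the affected list."""
    patched = PATCHED_VERSION.get(model.upper())
    if patched is None:
        return None
    # Tuple comparison handles multi-digit components correctly (e.g. 33 > 4).
    return parse_version(firmware) < parse_version(patched)


if __name__ == "__main__":
    # Constructed sample inventory for demonstration, not real devices.
    inventory = [("RBS50Y", "V2.7.0.120"), ("SXK30", "3.2.33.108"), ("R7000", "1.0.11.100")]
    labels = {True: "VULNERABLE", False: "patched", None: "not affected"}
    for model, fw in inventory:
        print(f"{model:8} {fw:12} {labels[is_vulnerable(model, fw)]}")
```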

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to administrative interfaces
  • Unexpected configuration changes
  • Failed authentication attempts from unknown sources

Network Indicators:

  • Unusual traffic patterns to/from router management ports
  • Scanning activity targeting router IP addresses

SIEM Query:

source_ip="router_ip" AND (event_type="authentication_failure" OR event_type="configuration_change")
