CVE-2021-45504

moderate-risk

Published 2021-12-26

Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Do I need to act?

0.40% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.6/10 Critical

ADJACENT_NETWORK / LOW complexity

Affected Products (5)

Cbr40 Firmware

Cbr750 Firmware

Rbr850 Firmware

Rbr852 Firmware

Rbs850 Firmware

Affected Vendors

Netgear

References (2)

Patch https://kb.netgear.com/000064128/Security-Advisory-for-Authentication-Bypass-on-...

/ 100

moderate-risk

Severity 29/34 · Critical

Exploitability 2/34 · Minimal

Exposure 12/34 · Low