CVE-2021-45645

moderate-risk

Published 2021-12-26

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects RBS50Y before 2.7.0.122, SRK60 before 2.7.0.122, SRR60 before 2.7.0.122, SRS60 before 2.7.0.122, SXK30 before 3.2.33.108, SXR30 before 3.2.33.108, SXS30 before 3.2.33.108, and SRC60 before 2.7.0.122.

Do I need to act?

0.27% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.2/10 High

ADJACENT_NETWORK / LOW complexity

Affected Products (8)

Rbs50Y Firmware

Srk60 Firmware

Srr60 Firmware

Srs60 Firmware

Sxk30 Firmware

Sxr30 Firmware

Sxs30 Firmware

Src60 Firmware

Affected Vendors

Netgear

References (2)

Patch https://kb.netgear.com/000064530/Security-Advisory-for-Security-Misconfiguration...

/ 100

moderate-risk

Severity 25/34 · High

Exploitability 1/34 · Minimal

Exposure 14/34 · Moderate