CVE-2021-45648

low-risk

Published 2021-12-26

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EX6100v2 before 1.0.1.106, EX6150v2 before 1.0.1.106, EX6250 before 1.0.0.146, EX6400 before 1.0.2.164, EX6400v2 before 1.0.0.146, EX6410 before 1.0.0.146, EX6420 before 1.0.0.146, EX7300 before 1.0.2.164, EX7300v2 before 1.0.0.146, EX7320 before 1.0.0.146, EX7700 before 1.0.0.222, LBR1020 before 2.6.5.16, LBR20 before 2.6.5.2, RBK352 before 4.3.4.7, RBK50 before 2.7.3.22, RBR350 before 4.3.4.7, RBR50 before 2.7.3.22, and RBS350 before 4.3.4.7.

Do I need to act?

0.31% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.1/10 Low

ADJACENT_NETWORK / HIGH complexity

Affected Products (18)

Ex6100V2 Firmware

Ex6150V2 Firmware

Ex6250 Firmware

Ex6400 Firmware

Ex6400V2 Firmware

Ex6410 Firmware

Ex6420 Firmware

Ex7300 Firmware

Ex7300V2 Firmware

Ex7320 Firmware

Ex7700 Firmware

Lbr1020 Firmware

Lbr20 Firmware

Rbk352 Firmware

Rbk50 Firmware

Rbr350 Firmware

Rbr50 Firmware

Rbs350 Firmware

Affected Vendors

Netgear

References (2)

Patch https://kb.netgear.com/000064494/Security-Advisory-for-Sensitive-Information-Dis...

/ 100

low-risk

Severity 8/34 · Low

Exploitability 1/34 · Minimal

Exposure 19/34 · Moderate