Unauthenticated Password Reset Vulnerability in NETGEAR Routers
CVE-2021-29080

8.1HIGH

Key Information:

Vendor: Netgear
Status: Rbk852 Firmware
Vendor: CVE Published:; 23 March 2021

Summary

NETGEAR routers and WiFi systems are impacted by a vulnerability that permits an unauthenticated attacker to reset device passwords, potentially leading to unauthorized access. Models RBK852, RBK853, RBR854, RBR850, RBS850, CBR40, and various others are specifically at risk if they are running outdated firmware versions. Users are strongly advised to update their devices to the latest firmware to safeguard against such vulnerabilities.

References

https://kb.netgear.com/000063007/Security-Advisory-for-Pr...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 23, 2021
Vulnerability Reserved
Mar 23, 2021