Lack of Access Control in NETGEAR Routers and WiFi Systems
CVE-2021-38516

10CRITICAL

Key Information:

Vendor: Netgear
Status: D6220 Firmware
Vendor: CVE Published:; 11 August 2021

What is CVE-2021-38516?

Certain NETGEAR devices are susceptible to a vulnerability due to insufficient access control at the function level, potentially allowing unauthorized access. Devices affected include models D6220, D6400, D7000v2, D7800, and many others across the NETGEAR portfolio. Users are advised to apply the latest firmware updates to mitigate this security concern and ensure their network remains protected.

References

https://kb.netgear.com/000063780/Security-Advisory-for-Mi...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 11, 2021
Vulnerability Reserved
Aug 10, 2021

Netgear

What is CVE-2021-38516?

References

CVSS V3.1

Timeline