Sensitive Information Disclosure in NETGEAR Devices
CVE-2021-45603

6.1MEDIUM

Key Information:

Vendor: Netgear
Status: D7800 Firmware
Vendor: CVE Published:; 26 December 2021

Summary

Certain NETGEAR devices suffer from a vulnerability that allows an attacker to disclose sensitive information. A crafted Universal Plug and Play (UPnP) request may reveal a device's serial number, which could lead to unauthorized password resets. This issue affects various models and firmware versions, leaving them susceptible to exploitation and further security risks.

References

https://immersivelabs.com/resources/blog/netgear-vulnerab...

x_refsource_MISC

https://kb.netgear.com/000064407/Security-Advisory-for-Po...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 26, 2021
Vulnerability Reserved
Dec 25, 2021