Overview
This vulnerability (CVE-2021-45650) is a sensitive information disclosure issue affecting multiple NETGEAR router models. When exploited, it could allow attackers to access confidential information stored on or processed by the affected devices. The vulnerability impacts the following NETGEAR router models running firmware versions prior to those specified:
- R7000 before version 1.0.11.110
- R7900 before version 1.0.4.30
- R8000 before version 1.0.4.62
- RS400 before version 1.5.1.80
- R6400v2 before version 1.0.4.102
- R7000P before version 1.3.2.126
- R6700v3 before version 1.0.4.102
- R6900P before version 1.3.2.126
The information disclosure vulnerability could potentially expose sensitive configuration data, credentials, or other private information to unauthorized parties.
Remediation
To address this vulnerability, users should update their router firmware to the latest version provided by NETGEAR. The minimum secure firmware versions for each affected model are:
- R7000: Update to version 1.0.11.110 or later
- R7900: Update to version 1.0.4.30 or later
- R8000: Update to version 1.0.4.62 or later
- RS400: Update to version 1.5.1.80 or later
- R6400v2: Update to version 1.0.4.102 or later
- R7000P: Update to version 1.3.2.126 or later
- R6700v3: Update to version 1.0.4.102 or later
- R6900P: Update to version 1.3.2.126 or later
Firmware updates can be downloaded from the NETGEAR support website or through the router's admin interface. Additionally, users should:
- Change default admin credentials
- Disable remote management if not needed
- Ensure the router is protected by a strong WiFi password
- Regularly check for and apply firmware updates
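The minimum versions listed above can be checked against a device inventory. The following is an added example, not code from NETGEAR or from this page's publisher; the inventory format, the hostnames and the assumption that firmware strings may carry a leading "V" and a "_build" suffix are illustrative. It compares versions numerically, because a plain string comparison would rank 1.0.4.98 above 1.0.4.102.

```python
import re

# Minimum fixed firmware per model, copied from the remediation list above.
FIXED = {
    "R7000": "1.0.11.110", "R7900": "1.0.4.30", "R8000": "1.0.4.62",
    "RS400": "1.5.1.80", "R6400v2": "1.0.4.102", "R7000P": "1.3.2.126",
    "R6700v3": "1.0.4.102", "R6900P": "1.3.2.126",
}
# Exact, case-insensitive model match so R7000 is never confused with R7000P.
_BY_UPPER = {m.upper(): m for m in FIXED}

def parse_version(text):
    """Return the dotted version as a tuple of ints, or None if unparseable.
    Assumption: inventory strings may look like 'V1.0.11.110_10.2.100'."""
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+)+)(?:_\S*)?\s*", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def assess(model, firmware):
    """Classify a device: 'not-listed', 'unknown-version', 'vulnerable' or 'fixed'."""
    key = _BY_UPPER.get((model or "").strip().upper())
    if key is None:
        return "not-listed"
    have = parse_version(firmware)
    if have is None:
        return "unknown-version"  # cannot decide automatically; check by hand
    need = parse_version(FIXED[key])
    # Pad the shorter tuple with zeros so 1.0.4 compares as 1.0.4.0.
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return "vulnerable" if have < need else "fixed"

def audit(inventory):
    """Map (host, model, firmware) rows to (host, model, firmware, status)."""
    return [(h, m, fw, assess(m, fw)) for h, m, fw in inventory]

# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE = [
    ("gw-branch-01", "R7000", "V1.0.9.88_10.2.88"),
    ("gw-branch-02", "R6400v2", "1.0.4.98"),
    ("gw-branch-03", "R7000P", "V1.3.2.126_10.1.66"),
    ("gw-branch-04", "R6400", "1.0.1.70"),
    ("gw-branch-05", "RS400", "n/a"),
]

if __name__ == "__main__":
    for host, model, fw, status in audit(SAMPLE):
        print(f"{host:14} {model:8} {fw:22} {status}")
```

Devices reported as "not-listed" are only outside this advisory's model list, and "unknown-version" rows need a manual check.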
References
- NETGEAR Security Advisory for Sensitive Information Disclosure: https://kb.netgear.com/000064459/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-PSV-2020-0117
- MITRE CVE Entry: CVE-2021-45650
- Common Weakness Enumeration: CWE-200 (Information Exposure)
Industry Exposure
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Accommodation & Food Services
- Administrative, Support, Waste Management & Remediation Services
- Agriculture, Forestry Fishing & Hunting
- Arts, Entertainment & Recreation
- Construction
- Educational Services
- Finance and Insurance
- Health Care & Social Assistance
- Information
- Management of Companies & Enterprises
- Manufacturing
- Mining
- Other Services (except Public Administration)
- Professional, Scientific, & Technical Services
- Public Administration
- Real Estate Rental & Leasing
- Retail Trade
- Transportation & Warehousing
- Utilities
- Wholesale Trade