CVE-2021-45511

MEDIUM · EXPLOITED IN THE WILD

NETGEAR Multiple Routers - Authentication Bypass

Exploitation Summary

CVE-2021-45511 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit, from researchers including Unknown and Grant Willcox: the Metasploit module auxiliary/admin/http/netgear_pnpx_getsharefolderlist_auth_bypass.

AI-analyzed exploit summary: This Metasploit module exploits an authentication bypass vulnerability in Netgear routers to leak admin credentials in plaintext and enable telnet access. It targets specific firmware versions and models by sending crafted HTTP requests to retrieve sensitive information.

Description

Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before 2021-08-27, R6330 before 2021-08-27, R6350 before 2021-08-27, R6700v2 before 2021-08-27, R6800 before 2021-08-27, R6850 before 2021-08-27, R6900v2 before 2021-08-27, R7200 before 2021-08-27, R7350 before 2021-08-27, R7400 before 2021-08-27, and R7450 before 2021-08-27.

Exploits (1)

metasploit · WORKING POC
by Unknown, Grant Willcox · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/netgear_pnpx_getsharefolderlist_auth_bypass.rb

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Netgear routers (various models) with firmware versions prior to 1.2.0.88, 1.0.1.80, 1.1.0.110, and 1.1.0.84
No auth needed
Prerequisites: Network access to the target router · Target router must be one of the vulnerable models and firmware versions
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 6.8
EPSS 0.4800
EPSS Percentile 97.8%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-09-18
InTheWild.io 2024-09-18
Status published
Products (17)
netgear/ac2100_firmware < 1.2.0.88
netgear/ac2400_firmware < 1.2.0.88
netgear/ac2600_firmware < 1.2.0.88
netgear/d7000_firmware < 1.0.1.80
netgear/r6220_firmware < 1.1.0.110
netgear/r6230_firmware < 1.1.0.110
netgear/r6260_firmware < 1.1.0.84
netgear/r6330_firmware < 1.1.0.84
netgear/r6350_firmware < 1.1.0.84
netgear/r6700v2_firmware < 1.2.0.88
... and 7 more
Published Dec 26, 2021
Tracked Since Feb 18, 2026