CVE-2021-45511

MEDIUM · EXPLOITED IN THE WILD

Netgear Ac2100 Firmware < 1.2.0.88 - Authentication Bypass

Title source: rule

Description

Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before 2021-08-27, R6330 before 2021-08-27, R6350 before 2021-08-27, R6700v2 before 2021-08-27, R6800 before 2021-08-27, R6850 before 2021-08-27, R6900v2 before 2021-08-27, R7200 before 2021-08-27, R7350 before 2021-08-27, R7400 before 2021-08-27, and R7450 before 2021-08-27.

Exploits (1)

metasploit · WORKING POC
by Unknown, Grant Willcox · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/netgear_pnpx_getsharefolderlist_auth_bypass.rb

Scores

CVSS v3 6.8
EPSS 0.4800
EPSS Percentile 97.7%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2024-09-18
InTheWild.io 2024-09-18

Classification

Status published

Affected Products (17)

netgear/ac2100_firmware < 1.2.0.88
netgear/ac2400_firmware < 1.2.0.88
netgear/ac2600_firmware < 1.2.0.88
netgear/d7000_firmware < 1.0.1.80
netgear/r6220_firmware < 1.1.0.110
netgear/r6230_firmware < 1.1.0.110
netgear/r6260_firmware < 1.1.0.84
netgear/r6330_firmware < 1.1.0.84
netgear/r6350_firmware < 1.1.0.84
netgear/r6700v2_firmware < 1.2.0.88
netgear/r6800_firmware < 1.2.0.88
netgear/r6850_firmware < 1.1.0.84
netgear/r6900v2_firmware < 1.2.0.88
netgear/r7200_firmware < 1.2.0.88
netgear/r7350_firmware < 1.2.0.88
... and 2 more

Timeline

Published Dec 26, 2021
Tracked Since Feb 18, 2026