CVE-2021-38513
9.6 CRITICAL
Certain NETGEAR devices are affected by authentication bypass
Published: 2021-08-11 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 9.6 CRITICAL
- Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Affected products
| Vendor | Product |
|---|---|
| netgear | cbr40_firmware, eax20_firmware, mk62_firmware |
Description
Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RBK752 before 3.2.10.10, RBR750 before 3.2.10.10, and RBS750 before 3.2.10.10.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2021-38513)
- [Vendor advisory](https://kb.netgear.com/000063777/Security-Advisory-for-Authentication-Bypass-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0008)
Related CVEs
Same vendor
- CVE-2021-40847 — The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execu... (8.1 HIGH)
- CVE-2021-41383 — setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_serve... (7.2 HIGH)
- CVE-2021-41314 — Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field, which - due to several faulty aspects of th... (8.8 HIGH)
- CVE-2021-40867 — Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker wh... (7.8 HIGH)
- CVE-2021-40866 — Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default... (9.8 CRITICAL)