CVE-2021-45506

Vulnerability

An authentication bypass vulnerability exists in certain NETGEAR WiFi system models. It affects CBR750 before firmware version 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12 [1]. The specific component and conditions required for the code path to be reachable have not been detailed in the available advisory.

Exploitation

According to the vendor advisory, an attacker can exploit this authentication bypass without requiring prior authentication [1]. The exact network position or user interaction needed is not specified, but the vulnerability is remotely exploitable as indicated by the critical CVSS score.

Impact

Successful exploitation allows an attacker to bypass authentication mechanisms, potentially gaining unauthorized access to the device. This could lead to full compromise of the affected device [1]. The CVSS score of 9.6 (Critical) suggests high impacts on confidentiality, integrity, and availability.

Mitigation

NETGEAR has released fixed firmware versions: CBR750 4.6.3.6, and all other listed models version 3.2.17.12 [1]. Users should download and install the latest firmware from NETGEAR Support as soon as possible [1]. No workarounds have been provided.