VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 26, 2021· Updated Aug 4, 2024

CVE-2021-45645

CVE-2021-45645

Description

NETGEAR WiFi systems have a security misconfiguration allowing unauthorized access; fixed in firmware updates.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

NETGEAR WiFi systems have a security misconfiguration allowing unauthorized access; fixed in firmware updates.

Vulnerability

A security misconfiguration exists in the firmware of multiple NETGEAR WiFi system models, including RBS50Y, SRK60, SRR60, SRS60, SXK30, SXR30, SXS30, and SRC60. Affected versions are prior to 2.7.0.122 for most models and prior to 3.2.33.108 for SXK30, SXR30, and SXS30 [1]. The exact nature of the misconfiguration is not publicly detailed, but it resides in the device's configuration settings.

Exploitation

The advisory does not specify the required attacker position or steps. However, as a security misconfiguration, exploitation likely requires network access to the affected device, possibly without authentication. No user interaction is mentioned. The specific attack vector is not disclosed.

Impact

Successful exploitation could allow an attacker to gain unauthorized access to the device or network, potentially leading to information disclosure or further compromise. The exact impact is not detailed in the advisory [1].

Mitigation

NETGEAR has released firmware updates to address this vulnerability. Users should update to firmware version 2.7.0.122 for RBS50Y, SRK60, SRR60, SRS60, and SRC60, and version 3.2.33.108 for SXK30, SXR30, and SXS30 [1]. No workarounds are provided. The advisory strongly recommends immediate updating.

References
  1. Security Advisory for Security Misconfiguration on Some WiFi Systems, PSV-2021-0127

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.