CVE-2021-45678

Vulnerability

NETGEAR RAX200 devices running firmware versions prior to 1.0.5.132 are affected by insecure code, as described in the vendor advisory [1]. The advisory notes that the firmware update refines code and updates third-party software packages to reduce potential security vulnerabilities, indicating that the root cause may involve insecure coding practices or outdated third-party components. The exact nature of the insecure code is not disclosed in the available references.

Exploitation

The advisory does not provide specific details on the exploitation prerequisites or attack vector. However, given the broad description of insecure code, an attacker could potentially exploit these vulnerabilities remotely or locally, depending on the specific flaw. No proof-of-concept or exploitation steps are publicly documented in the referenced source.

Impact

Successful exploitation of the insecure code could lead to various security impacts, including but not limited to arbitrary code execution, information disclosure, or denial of service. The advisory does not specify the exact impact, but the vendor recommends immediate firmware update to mitigate risks.

Mitigation

NETGEAR released firmware version 1.0.5.132 to address the insecure code on RAX200 devices, as noted in the security advisory published on 2021-10-01 [1]. Users are strongly advised to download and install the latest firmware from NETGEAR Support. No workarounds are provided; updating to the fixed version is the only mitigation.