Vulnerabilities of the built-in software on NETGEAR Wi-Fi routers such as R6700AX, R7800, R8900, R9000, RAX10, RAX120v1, RAX120v2, RAX70, RAX78, XR450, XR500, XR700, and the low-cost LTE modem LBR1020; vulnerabilities of the wireless signal amplifiers EX2700, WN3000RPv2, WN3000RPv3; and vulnerabilities of the Orbi Wi-Fi system LBR20—all related to the lack of measures to protect input data. These vulnerabilities allow attackers to execute arbitrary commands or gain unauthorized access to protected information.

NETGEAR routers have input data flaws enabling arbitrary commands or unauthorized access via UPNP.

Reporter	Title	Published	Views	Family All 8
CNNVD	NETGEAR 操作系统命令注入漏洞	26 Dec 202100:00	–	cnnvd
CVE	CVE-2021-45602	26 Dec 202100:38	–	cve
Cvelist	CVE-2021-45602	26 Dec 202100:38	–	cvelist
EUVD	EUVD-2021-32368	3 Oct 202520:07	–	euvd
NVD	CVE-2021-45602	26 Dec 202101:15	–	nvd
OSV	CVE-2021-45602	26 Dec 202101:15	–	osv
Prion	Command injection	26 Dec 202101:15	–	prion
RedhatCVE	CVE-2021-45602	22 May 202521:09	–	redhatcve

Vulners

Node

netgear d7800Range<1.0.1.66

netgear ex2700Range<1.0.1.68

netgear lbr1020Range<2.6.5.20

netgear lbr20Range<2.6.5.32

netgear r6700axRange<1.0.10.110

netgear r7800Range<1.0.2.86

netgear r8900Range<1.0.5.38

netgear r9000Range<1.0.5.38

netgear rax10Range<1.0.10.110

netgear rax70Range<1.0.10.110

netgear rax78Range<1.0.10.110

netgear xr450Range<2.3.2.130

netgear xr500Range<2.3.2.130

netgear xr700Range<1.0.1.46

Source	Link
immersivelabs	www.immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/
kb	www.kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-45602
web	www.web.nvd.nist.gov/view/vuln/detail

26 Jan 2022 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 25.6

CVSS 36.1

EPSS0.00096