Lucene search

[email protected]CVE-2021-38527

HistoryAug 11, 2021 - 12:16 a.m.

CVE-2021-38527

2021-08-1100:16:18

CWE-77

[email protected]

web.nvd.nist.gov

cve-2021-38527

netgear

command injection

unauthenticated attacker

security vulnerability

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.2%

JSON

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.14, EX6100v2 before 1.0.1.98, EX6150v2 before 1.0.1.98, EX6250 before 1.0.0.132, EX6400 before 1.0.2.158, EX6400v2 before 1.0.0.132, EX6410 before 1.0.0.132, EX6420 before 1.0.0.132, EX7300 before 1.0.2.158, EX7300v2 before 1.0.0.132, EX7320 before 1.0.0.132, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, R7800 before 1.0.2.78, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.6.2.4, RBS50Y before 2.6.1.40, RBW30 before 2.6.2.2, and XR500 before 2.3.2.114.

Affected configurations

NVD

Node

netgearcbr40_firmwareRange<2.5.0.14

AND

netgearcbr40Match-

Node

netgearex6100_firmwareRange<1.0.1.98

AND

netgearex6100Matchv2

Node

netgearex6150_firmwareRange<1.0.1.98

AND

netgearex6150Matchv2

Node

netgearex6250_firmwareRange<1.0.0.132

AND

netgearex6250Match-

Node

netgearex6400_firmwareRange<1.0.2.158

AND

netgearex6400Match-

Node

netgearex6400_firmwareRange<1.0.0.132

AND

netgearex6400Matchv2

Node

netgearex6410_firmwareRange<1.0.0.132

AND

netgearex6410Match-

Node

netgearex6420_firmwareRange<1.0.0.132

AND

netgearex6420Match-

Node

netgearex7300_firmwareRange<1.0.2.158

AND

netgearex7300Match-

Node

netgearex7300_firmwareRange<1.0.2.158

AND

netgearex7300Matchv2

Node

netgearex7320_firmwareRange<1.0.0.132

AND

netgearex7320Match-

Node

netgearex7700_firmwareRange<1.0.0.216

AND

netgearex7700Match-

Node

netgearex8000_firmwareRange<1.0.1.232

AND

netgearex8000Match-

Node

netgearr7800_firmwareRange<1.0.2.78

AND

netgearr7800Match-

Node

netgearrbk12_firmwareRange<2.6.1.44

AND

netgearrbk12Match-

Node

netgearrbr10_firmwareRange<2.6.1.44

AND

netgearrbr10Match-

Node

netgearrbs10_firmwareRange<2.6.1.44

AND

netgearrbs10Match-

Node

netgearrbk20_firmwareRange<2.6.1.38

AND

netgearrbk20Match-

Node

netgearrbr20_firmwareRange<2.6.1.36

AND

netgearrbr20Match-

Node

netgearrbs20_firmwareRange<2.6.1.38

AND

netgearrbs20Match-

Node

netgearrbk40_firmwareRange<2.6.1.38

AND

netgearrbk40Match-

Node

netgearrbr40_firmwareRange<2.6.1.36

AND

netgearrbr40Match-

Node

netgearrbs40_firmwareRange<2.6.1.38

AND

netgearrbs40Match-

Node

netgearrbk50_firmwareRange<2.6.1.40

AND

netgearrbk50Match-

Node

netgearrbr50_firmwareRange<2.6.1.40

AND

netgearrbr50Match-

Node

netgearrbs50_firmwareRange<2.6.1.40

AND

netgearrbs50Match-

Node

netgearrbk752_firmwareRange<3.2.16.6

AND

netgearrbk752Match-

Node

netgearrbr750_firmwareRange<3.2.16.6

AND

netgearrbr750Match-

Node

netgearrbs750_firmwareRange<3.2.16.6

AND

netgearrbs750Match-

Node

netgearrbk852_firmwareRange<3.2.16.6

AND

netgearrbk852Match-

Node

netgearrbr850_firmwareRange<3.2.16.6

AND

netgearrbr850Match-

Node

netgearrbs850_firmwareRange<3.2.16.6

AND

netgearrbs850Match-

Node

netgearrbs40v_firmwareRange<2.6.2.4

AND

netgearrbs40vMatch-

Node

netgearrbs50y_firmwareRange<2.6.1.40

AND

netgearrbs50yMatch-

Node

netgearrbw30_firmwareRange<2.6.2.2

AND

netgearrbw30Match-

Node

netgearxr500_firmwareRange<2.3.2.114

AND

netgearxr500Match-

CPENameOperatorVersion
netgear:cbr40_firmwarenetgear cbr40 firmwarelt2.5.0.14

CPE	Name	Operator	Version
netgear:cbr40_firmware	netgear cbr40 firmware	lt	2.5.0.14

References

kb.netgear.com/000063778/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Extenders-Routers-and-WiFi-Systems-PSV-2020-0025

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.2%

JSON

Related for CVE-2021-38527

prion1 cvelist1 nvd1