Lucene search

MitreCVE-2021-45533

HistoryDec 26, 2021 - 1:15 a.m.

CVE-2021-45533

2021-12-2601:15:14

CWE-77

mitre

web.nvd.nist.gov

cve-2021-45533

netgear

command injection

authenticated user

security vulnerability

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects EX6120 before 1.0.0.66, EX6130 before 1.0.0.46, EX7000 before 1.0.1.106, EX7500 before 1.0.1.76, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, RBR850 before 4.6.3.9, RBS850 before 4.6.3.9, and RBK852 before 4.6.3.9.

Affected configurations

Nvd

Node

netgearex6120_firmwareRange<1.0.0.66

AND

netgearex6120Match-

Node

netgearex6130_firmwareRange<1.0.0.46

AND

netgearex6130Match-

Node

netgearex7000_firmwareRange<1.0.1.106

AND

netgearex7000Match-

Node

netgearex7500_firmwareRange<1.0.1.76

AND

netgearex7500Match-

Node

netgearex3700_firmwareRange<1.0.0.94

AND

netgearex3700Match-

Node

netgearex3800_firmwareRange<1.0.0.94

AND

netgearex3800Match-

Node

netgearrbr850_firmwareRange<4.6.3.9

AND

netgearrbr850Match-

Node

netgearrbs850_firmwareRange<4.6.3.9

AND

netgearrbs850Match-

Node

netgearrbk852_firmwareRange<4.6.3.9

AND

netgearrbk852Match-

VendorProductVersionCPE
netgearex6120_firmware*cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*
netgearex6120-cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*
netgearex6130_firmware*cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*
netgearex6130-cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*
netgearex7000_firmware*cpe:2.3:o:netgear:ex7000_firmware:*:*:*:*:*:*:*:*
netgearex7000-cpe:2.3:h:netgear:ex7000:-:*:*:*:*:*:*:*
netgearex7500_firmware*cpe:2.3:o:netgear:ex7500_firmware:*:*:*:*:*:*:*:*
netgearex7500-cpe:2.3:h:netgear:ex7500:-:*:*:*:*:*:*:*
netgearex3700_firmware*cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*
netgearex3700-cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	ex6120_firmware	*	cpe:2.3:o:netgear:ex6120_firmware::::::::
netgear	ex6120	-	cpe:2.3:h:netgear:ex6120:-:::::::*
netgear	ex6130_firmware	*	cpe:2.3:o:netgear:ex6130_firmware::::::::
netgear	ex6130	-	cpe:2.3:h:netgear:ex6130:-:::::::*
netgear	ex7000_firmware	*	cpe:2.3:o:netgear:ex7000_firmware::::::::
netgear	ex7000	-	cpe:2.3:h:netgear:ex7000:-:::::::*
netgear	ex7500_firmware	*	cpe:2.3:o:netgear:ex7500_firmware::::::::
netgear	ex7500	-	cpe:2.3:h:netgear:ex7500:-:::::::*
netgear	ex3700_firmware	*	cpe:2.3:o:netgear:ex3700_firmware::::::::
netgear	ex3700	-	cpe:2.3:h:netgear:ex3700:-:::::::*

Rows per page:

1-10 of 181

References

kb.netgear.com/000064458/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0062

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for CVE-2021-45533