Lucene search

[email protected]CVE-2021-45557

HistoryDec 26, 2021 - 1:15 a.m.

CVE-2021-45557

2021-12-2601:15:15

CWE-77

[email protected]

web.nvd.nist.gov

cve-2021-45557

netgear

command injection

authenticated user

security vulnerability

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.0%

JSON

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TUP before 1.0.5.3, GS710TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS724TPP before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS750E before 1.0.1.10, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

Affected configurations

NVD

Node

netgeargc108p_firmwareRange<1.0.8.2

AND

netgeargc108pMatch-

Node

netgeargc108pp_firmwareRange<1.0.8.2

AND

netgeargc108ppMatch-

Node

netgeargs108tv3_firmwareRange<7.0.7.2

AND

netgeargs108tv3Match-

Node

netgeargs110tpv3_firmwareRange<7.0.7.2

AND

netgeargs110tpv3Match-

Node

netgeargs110tpp_firmwareRange<7.0.7.2

AND

netgeargs110tppMatch-

Node

netgeargs110tup_firmwareRange<1.0.5.3

AND

netgeargs110tupMatch-

Node

netgeargs710tup_firmwareRange<1.0.5.3

AND

netgeargs710tupMatch-

Node

netgeargs308t_firmwareRange<1.0.3.2

AND

netgeargs308tMatch-

Node

netgeargs310tp_firmwareRange<1.0.3.2

AND

netgeargs310tpMatch-

Node

netgeargs710tup_firmwareRange<1.0.5.3

AND

netgeargs710tupMatch-

Node

netgeargs716tp_firmwareRange<1.0.4.2

AND

netgeargs716tpMatch-

Node

netgeargs716tpp_firmwareRange<1.0.4.2

AND

netgeargs716tppMatch-

Node

netgeargs724tpp_firmwareRange<2.0.6.3

AND

netgeargs724tppMatch-

Node

netgeargs724tpv2_firmwareRange<2.0.6.3

AND

netgeargs724tpv2Match-

Node

netgeargs724tpp_firmwareRange<2.0.6.3

AND

netgeargs724tppMatch-

Node

netgeargs728tppv2_firmwareRange<6.0.8.2

AND

netgeargs728tppv2Match-

Node

netgeargs728tpv2_firmwareRange<6.0.8.2

AND

netgeargs728tpv2Match-

Node

netgeargs752tpv2_firmwareRange<6.0.8.2

AND

netgeargs752tpv2Match-

Node

netgeargs752tpp_firmwareRange<6.0.8.2

AND

netgeargs752tppMatch-

Node

netgeargs750e_firmwareRange<1.0.1.10

AND

netgeargs750eMatch-

Node

netgearms510txm_firmwareRange<1.0.4.2

AND

netgearms510txmMatch-

Node

netgearms510txup_firmwareRange<1.0.4.2

AND

netgearms510txupMatch-

CPENameOperatorVersion
netgear:gc108p_firmwarenetgear gc108p firmwarelt1.0.8.2

CPE	Name	Operator	Version
netgear:gc108p_firmware	netgear gc108p firmware	lt	1.0.8.2

References

kb.netgear.com/000064164/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Switches-PSV-2021-0167

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.0%

JSON

Related for CVE-2021-45557

cvelist1 prion1 nvd1