Lucene search

[email protected]CVE-2021-45595

HistoryDec 26, 2021 - 1:15 a.m.

CVE-2021-45595

2021-12-2601:15:17

CWE-77

[email protected]

web.nvd.nist.gov

netgear

devices

command injection

cve-2021-45595

security vulnerability

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.0%

JSON

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.

Affected configurations

NVD

Node

netgearlbr20_firmwareRange<2.6.3.50

AND

netgearlbr20Match-

Node

netgearrbs50y_firmwareRange<2.7.3.22

AND

netgearrbs50yMatch-

Node

netgearrbr10_firmwareRange<2.7.3.22

AND

netgearrbr10Match-

Node

netgearrbr20_firmwareRange<2.7.3.22

AND

netgearrbr20Match-

Node

netgearrbr40_firmwareRange<2.7.3.22

AND

netgearrbr40Match-

Node

netgearrbr50_firmwareRange<2.7.3.22

AND

netgearrbr50Match-

Node

netgearrbs10_firmwareRange<2.7.3.22

AND

netgearrbs10Match-

Node

netgearrbs20_firmwareRange<2.7.3.22

AND

netgearrbs20Match-

Node

netgearrbs40_firmwareRange<2.7.3.22

AND

netgearrbs40Match-

Node

netgearrbs50_firmwareRange<2.7.3.22

AND

netgearrbs50Match-

Node

netgearrbk12_firmwareRange<2.7.3.22

AND

netgearrbk12Match-

Node

netgearrbk20_firmwareRange<2.7.3.22

AND

netgearrbk20Match-

Node

netgearrbk40_firmwareRange<2.7.3.22

AND

netgearrbk40Match-

Node

netgearrbk50_firmwareRange<2.7.3.22

AND

netgearrbk50Match-

CPENameOperatorVersion
netgear:lbr20_firmwarenetgear lbr20 firmwarelt2.6.3.50

CPE	Name	Operator	Version
netgear:lbr20_firmware	netgear lbr20 firmware	lt	2.6.3.50

References

kb.netgear.com/000064495/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0462

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.0%

JSON

Related for CVE-2021-45595

cvelist1 prion1 nvd1