Lucene search

[email protected]CVE-2021-45617

HistoryDec 26, 2021 - 1:15 a.m.

CVE-2021-45617

2021-12-2601:15:00

CWE-77

[email protected]

web.nvd.nist.gov

netgear

devices

unauthenticated

command injection

cve-2021-45617

security vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

44.0%

JSON

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX7500 before 1.0.0.72, R6400 before 1.0.1.68, R6900P before 1.3.2.132, R7000 before 1.0.11.116, R7000P before 1.3.2.132, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.66, RAX200 before 1.0.3.106, RS400 before 1.5.1.80, XR300 before 1.0.3.68, MK62 before 1.0.6.110, MR60 before 1.0.6.110, R6400v2 before 1.0.4.106, R8000P before 1.4.1.66, RAX20 before 1.0.2.64, RAX45 before 1.0.2.82, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, R6700v3 before 1.0.4.106, R7900P before 1.4.1.66, RAX15 before 1.0.2.64, RAX50 before 1.0.2.82, RAX75 before 1.0.3.106, RBR750 before 3.2.16.22, RBR850 before 3.2.16.22, RBS750 before 3.2.16.22, RBS850 before 3.2.16.22, RBK752 before 3.2.16.22, and RBK852 before 3.2.16.22.

CPENameOperatorVersion
netgear:cbr40_firmwarenetgear cbr40 firmwarelt2.5.0.24
netgear:eax20_firmwarenetgear eax20 firmwarelt1.0.0.48
netgear:eax80_firmwarenetgear eax80 firmwarelt1.0.1.64
netgear:ex7500_firmwarenetgear ex7500 firmwarelt1.0.0.72
netgear:r6400_firmwarenetgear r6400 firmwarelt1.0.1.68
netgear:r6900p_firmwarenetgear r6900p firmwarelt1.3.2.132
netgear:r7000_firmwarenetgear r7000 firmwarelt1.0.11.116
netgear:r7000p_firmwarenetgear r7000p firmwarelt1.3.2.132
netgear:r7900_firmwarenetgear r7900 firmwarelt1.0.4.38
netgear:r7960p_firmwarenetgear r7960p firmwarelt1.4.1.66

CPE	Name	Operator	Version
netgear:cbr40_firmware	netgear cbr40 firmware	lt	2.5.0.24
netgear:eax20_firmware	netgear eax20 firmware	lt	1.0.0.48
netgear:eax80_firmware	netgear eax80 firmware	lt	1.0.1.64
netgear:ex7500_firmware	netgear ex7500 firmware	lt	1.0.0.72
netgear:r6400_firmware	netgear r6400 firmware	lt	1.0.1.68
netgear:r6900p_firmware	netgear r6900p firmware	lt	1.3.2.132
netgear:r7000_firmware	netgear r7000 firmware	lt	1.0.11.116
netgear:r7000p_firmware	netgear r7000p firmware	lt	1.3.2.132
netgear:r7900_firmware	netgear r7900 firmware	lt	1.0.4.38
netgear:r7960p_firmware	netgear r7960p firmware	lt	1.4.1.66

Rows per page:

1-10 of 331

References

kb.netgear.com/000064505/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0156

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

44.0%

JSON

Related for CVE-2021-45617

cvelist1 prion1