Lucene search

[email protected]NVD:CVE-2021-45594

HistoryDec 26, 2021 - 1:15 a.m.

CVE-2021-45594

2021-12-2601:15:17

CWE-77

[email protected]

web.nvd.nist.gov

netgear

devices

authenticated user

command injection

rbs50y

rbr20

rbr40

rbr50

rbs20

rbs40

rbk20

rbk40

rbk50

cve-2021-45594

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBS50Y before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.

Affected configurations

Nvd

Node

netgearrbr20_firmwareRange<2.7.3.22

AND

netgearrbr20Match-

Node

netgearrbr40_firmwareRange<2.7.3.22

AND

netgearrbr40Match-

Node

netgearrbr50_firmwareRange<2.7.3.22

AND

netgearrbr50Match-

Node

netgearrbs20_firmwareRange<2.7.3.22

AND

netgearrbs20Match-

Node

netgearrbs40_firmwareRange<2.7.3.22

AND

netgearrbs40Match-

Node

netgearrbs50_firmwareRange<2.7.3.22

AND

netgearrbs50Match-

Node

netgearrbk20_firmwareRange<2.7.3.22

AND

netgearrbk20Match-

Node

netgearrbk40_firmwareRange<2.7.3.22

AND

netgearrbk40Match-

Node

netgearrbk50_firmwareRange<2.7.3.22

AND

netgearrbk50Match-

Node

netgearrbs50y_firmwareRange<2.7.3.22

AND

netgearrbs50yMatch-

VendorProductVersionCPE
netgearrbr20_firmware*cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*
netgearrbr20-cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*
netgearrbr40_firmware*cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*
netgearrbr40-cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*
netgearrbr50_firmware*cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*
netgearrbr50-cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*
netgearrbs20_firmware*cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*
netgearrbs20-cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*
netgearrbs40_firmware*cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*
netgearrbs40-cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	rbr20_firmware	*	cpe:2.3:o:netgear:rbr20_firmware::::::::
netgear	rbr20	-	cpe:2.3:h:netgear:rbr20:-:::::::*
netgear	rbr40_firmware	*	cpe:2.3:o:netgear:rbr40_firmware::::::::
netgear	rbr40	-	cpe:2.3:h:netgear:rbr40:-:::::::*
netgear	rbr50_firmware	*	cpe:2.3:o:netgear:rbr50_firmware::::::::
netgear	rbr50	-	cpe:2.3:h:netgear:rbr50:-:::::::*
netgear	rbs20_firmware	*	cpe:2.3:o:netgear:rbs20_firmware::::::::
netgear	rbs20	-	cpe:2.3:h:netgear:rbs20:-:::::::*
netgear	rbs40_firmware	*	cpe:2.3:o:netgear:rbs40_firmware::::::::
netgear	rbs40	-	cpe:2.3:h:netgear:rbs40:-:::::::*

Rows per page:

1-10 of 201

References

kb.netgear.com/000064475/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0183

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2021-45594

cvelist1 prion1 cve1