Command injection

2021-12-2601:15:00

PRIOn knowledge base

www.prio-n.com

9.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

JSON

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CPENameOperatorVersion
cbr40_firmwarelt2.5.0.24
cbr750_firmwarelt4.6.3.6
r7900p_firmwarelt1.4.2.84
r7960p_firmwarelt1.4.2.84
r8000p_firmwarelt1.4.2.84
r8300_firmwarelt1.0.2.154
r8500_firmwarelt1.0.2.154
rbk752_firmwarelt3.2.17.12
rbk852_firmwarelt3.2.17.12
rbr750_firmwarelt3.2.17.12

Name	Operator	Version
cbr40_firmware	lt	2.5.0.24
cbr750_firmware	lt	4.6.3.6
r7900p_firmware	lt	1.4.2.84
r7960p_firmware	lt	1.4.2.84
r8000p_firmware	lt	1.4.2.84
r8300_firmware	lt	1.0.2.154
r8500_firmware	lt	1.0.2.154
rbk752_firmware	lt	3.2.17.12
rbk852_firmware	lt	3.2.17.12
rbr750_firmware	lt	3.2.17.12