CVE-2021-45618

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RAX120 before 1.2.0.16, RBS50Y before 1.0.0.56, WNR2000v5 before 1.0.0.76, XR450 before 2.3.2.114, XR500 before 2.3.2.114, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, EX6410 before 1.0.0.134, RBR10 before 2.6.1.44, RBR20 before 2.6.2.104, RBR40 before 2.6.2.104, RBR50 before 2.7.2.102, EX6420 before 1.0.0.134, RBS10 before 2.6.1.44, RBS20 before 2.6.2.104, RBS40 before 2.6.2.104, RBS50 before 2.7.2.102, EX6400v2 before 1.0.0.134, RBK12 before 2.6.1.44, RBK20 before 2.6.2.104, RBK40 before 2.6.2.104, and RBK50 before 2.7.2.102.

CVSS v3 9.6 CRITICAL
CVSS v2.0 10.0 HIGH

9.6^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://kb.netgear.com/000064490/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0422	Vendor Advisory
https://kb.netgear.com/000064490/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0422	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netgear:ex6200v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6200v2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netgear:wnr2000v5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2000v5:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND

cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND

cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:32

Type	Values Removed	Values Added
CVSS	v2 : ~~10.0~~ v3 : ~~9.8~~	v2 : 10.0 v3 : 9.6
References	~~() https://kb.netgear.com/000064490/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0422 - Vendor Advisory~~	() https://kb.netgear.com/000064490/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0422 - Vendor Advisory

Information

Published : 2021-12-26 01:15

Updated : 2024-11-21 06:32

NVD link : CVE-2021-45618

Mitre link : CVE-2021-45618

CVE.ORG link : CVE-2021-45618

JSON object : View

Products Affected

netgear

xr450
rbr20
xr450_firmware
rax120_firmware
r9000
ex7300v2
xr500_firmware
rbk20
rbr50
ex7300_firmware
rbk50_firmware
rbs40
ex6200v2
rbs50
rbs20_firmware
rbs50_firmware
ex6100v2_firmware
rbr40_firmware
rbs10_firmware
ex6200v2_firmware
xr700_firmware
rbr20_firmware
wnr2000v5
rbr10
rbs40_firmware
ex7700_firmware
ex6250_firmware
ex7300
rbs50y
ex8000
rbs50y_firmware
ex6250
wnr2000v5_firmware
lbr20
rbk40
d7800
rbr10_firmware
ex6420_firmware
rbk20_firmware
ex6400v2
xr700
ex6410
r7800_firmware
rbs20
ex6410_firmware
lbr20_firmware
r8900
ex7300v2_firmware
rbk12_firmware
ex6400v2_firmware
d7800_firmware
rbk12
rbk40_firmware
ex6420
rbr50_firmware
ex6150v2
xr500
rbs10
r8900_firmware
r7800
ex7320
ex6100v2
rbr40
ex7320_firmware
ex7700
ex6400
rax120
r9000_firmware
rbk50
ex8000_firmware
ex6150v2_firmware
ex6400_firmware

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

9.6 /10