10
CVE-2021-38527
- EPSS 2.46%
- Published 11.08.2021 00:16:18
- Last modified 21.11.2024 06:17:20
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.14, EX6100v2 before 1.0.1.98, EX6150v2 before 1.0.1.98, EX6250 before 1.0.0.132, EX6400 before 1.0.2.158, EX6400v2 before 1.0.0.132, EX6410 before 1.0.0.132, EX6420 before 1.0.0.132, EX7300 before 1.0.2.158, EX7300v2 before 1.0.0.132, EX7320 before 1.0.0.132, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, R7800 before 1.0.2.78, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.6.2.4, RBS50Y before 2.6.1.40, RBW30 before 2.6.2.2, and XR500 before 2.3.2.114.
Data is provided by the National Vulnerability Database (NVD)
Netgear ≫ Cbr40 Firmware Version < 2.5.0.14
Netgear ≫ Ex6100 Firmware Version < 1.0.1.98
Netgear ≫ Ex6150 Firmware Version < 1.0.1.98
Netgear ≫ Ex6250 Firmware Version < 1.0.0.132
Netgear ≫ Ex6400 Firmware Version < 1.0.2.158
Netgear ≫ Ex6400 Firmware Version < 1.0.0.132
Netgear ≫ Ex6410 Firmware Version < 1.0.0.132
Netgear ≫ Ex6420 Firmware Version < 1.0.0.132
Netgear ≫ Ex7300 Firmware Version < 1.0.2.158
Netgear ≫ Ex7300 Firmware Version < 1.0.2.158
Netgear ≫ Ex7320 Firmware Version < 1.0.0.132
Netgear ≫ Ex7700 Firmware Version < 1.0.0.216
Netgear ≫ Ex8000 Firmware Version < 1.0.1.232
Netgear ≫ R7800 Firmware Version < 1.0.2.78
Netgear ≫ Rbk12 Firmware Version < 2.6.1.44
Netgear ≫ Rbr10 Firmware Version < 2.6.1.44
Netgear ≫ Rbs10 Firmware Version < 2.6.1.44
Netgear ≫ Rbk20 Firmware Version < 2.6.1.38
Netgear ≫ Rbr20 Firmware Version < 2.6.1.36
Netgear ≫ Rbs20 Firmware Version < 2.6.1.38
Netgear ≫ Rbk40 Firmware Version < 2.6.1.38
Netgear ≫ Rbr40 Firmware Version < 2.6.1.36
Netgear ≫ Rbs40 Firmware Version < 2.6.1.38
Netgear ≫ Rbk50 Firmware Version < 2.6.1.40
Netgear ≫ Rbr50 Firmware Version < 2.6.1.40
Netgear ≫ Rbs50 Firmware Version < 2.6.1.40
Netgear ≫ Rbk752 Firmware Version < 3.2.16.6
Netgear ≫ Rbr750 Firmware Version < 3.2.16.6
Netgear ≫ Rbs750 Firmware Version < 3.2.16.6
Netgear ≫ Rbk852 Firmware Version < 3.2.16.6
Netgear ≫ Rbr850 Firmware Version < 3.2.16.6
Netgear ≫ Rbs850 Firmware Version < 3.2.16.6
Netgear ≫ Rbs40v Firmware Version < 2.6.2.4
Netgear ≫ Rbs50y Firmware Version < 2.6.1.40
Netgear ≫ Rbw30 Firmware Version < 2.6.2.2
Netgear ≫ Xr500 Firmware Version < 2.3.2.114
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.46% | 0.846 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| cve@mitre.org | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.