CVE-2021-45549

EPSS 0.41%
Published 26.12.2021 01:15:15
Last modified 21.11.2024 06:32:29
Source cve@mitre.org
Teams watchlist Login
Open Login

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Netgear ≫ Lax20 Firmware Version < 1.1.6.28

Netgear ≫ Lax20 Version-

Netgear ≫ Mk62 Firmware Version < 1.1.6.122

Netgear ≫ Mk62 Version-

Netgear ≫ Mr60 Firmware Version < 1.1.6.122

Netgear ≫ Mr60 Version-

Netgear ≫ Ms60 Firmware Version < 1.1.6.122

Netgear ≫ Ms60 Version-

Netgear ≫ R6400 Firmware Version < 1.0.4.118

Netgear ≫ R6400 Version-

Netgear ≫ R6700 Firmware Version < 1.0.4.118

Netgear ≫ R6700 Versionv3

Netgear ≫ R6900p Firmware Version < 1.3.3.140

Netgear ≫ R6900p Version-

Netgear ≫ R7000 Firmware Version < 1.0.11.116

Netgear ≫ R7000 Version-

Netgear ≫ R7000p Firmware Version < 1.3.3.140

Netgear ≫ R7000p Version-

Netgear ≫ R7850 Firmware Version < 1.0.5.68

Netgear ≫ R7850 Version-

Netgear ≫ R7900 Firmware Version < 1.0.4.38

Netgear ≫ R7900 Version-

Netgear ≫ R7900p Firmware Version < 1.4.2.84

Netgear ≫ R7900p Version-

Netgear ≫ R7960p Firmware Version < 1.4.2.84

Netgear ≫ R7960p Version-

Netgear ≫ R8000 Firmware Version < 1.0.4.68

Netgear ≫ R8000 Version-

Netgear ≫ R8000p Firmware Version < 1.4.2.84

Netgear ≫ R8000p Version-

Netgear ≫ Rax15 Firmware Version < 1.0.3.96

Netgear ≫ Rax15 Version-

Netgear ≫ Rax20 Firmware Version < 1.0.3.96

Netgear ≫ Rax20 Version-

Netgear ≫ Rax200 Firmware Version < 1.0.4.120

Netgear ≫ Rax200 Version-

Netgear ≫ Rax35 Firmware Version < 1.0.3.96

Netgear ≫ Rax35 Versionv2

Netgear ≫ Rax40 Firmware Version < 1.0.3.96

Netgear ≫ Rax40 Version-

Netgear ≫ Rax43 Firmware Version < 1.0.3.96

Netgear ≫ Rax43 Version-

Netgear ≫ Rax45 Firmware Version < 1.0.3.96

Netgear ≫ Rax45 Version-

Netgear ≫ Rax50 Firmware Version < 1.0.3.96

Netgear ≫ Rax50 Version-

Netgear ≫ Rax75 Firmware Version < 1.0.4.120

Netgear ≫ Rax75 Version-

Netgear ≫ Rax80 Firmware Version < 1.0.4.120

Netgear ≫ Rax80 Version-

Netgear ≫ Rs400 Firmware Version < 1.5.1.80

Netgear ≫ Rs400 Version-

Netgear ≫ Xr1000 Firmware Version < 1.0.0.58

Netgear ≫ Xr1000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.41%	0.581

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.2	5.1	6.4	AV:A/AC:L/Au:S/C:P/I:P/A:P
cve@mitre.org	8.4	1.7	6	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

https://kb.netgear.com/000064513/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0517

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-45549

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-45549

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-45549

EUVD