8.8
CVE-2021-45556
- EPSS 0.5%
- Published 26.12.2021 01:15:15
- Last modified 21.11.2024 06:32:30
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GS108Tv2 before 5.4.2.36, GS110TPP before 7.0.7.2, GS110TPv2 before 5.4.2.36., GS110TPv3 before 7.0.7.2, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.
Data is provided by the National Vulnerability Database (NVD)
Netgear ≫ Gs108tv2 Firmware Version < 5.4.2.36
Netgear ≫ Gs110tpp Firmware Version < 7.0.7.2
Netgear ≫ Gs110tpv2 Firmware Version < 5.4.2.36
Netgear ≫ Gs308t Firmware Version < 1.0.3.2
Netgear ≫ Gs110tpv3 Firmware Version < 7.0.7.2
Netgear ≫ Gs310tp Firmware Version < 1.0.3.2
Netgear ≫ Gs724tpp Firmware Version < 2.0.6.3
Netgear ≫ Gs724tpv2 Firmware Version < 2.0.6.3
Netgear ≫ Gs728tppv2 Firmware Version < 6.0.8.2
Netgear ≫ Gs728tpv2 Firmware Version < 6.0.8.2
Netgear ≫ Gs752tpp Firmware Version < 6.0.8.2
Netgear ≫ Gs752tpv2 Firmware Version < 6.0.8.2
Netgear ≫ Ms510txm Firmware Version < 1.0.4.2
Netgear ≫ Ms510txup Firmware Version < 1.0.4.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.5% | 0.632 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
cve@mitre.org | 7.5 | 1 | 6 |
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:H
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.