8.8

CVE-2021-45556

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GS108Tv2 before 5.4.2.36, GS110TPP before 7.0.7.2, GS110TPv2 before 5.4.2.36., GS110TPv3 before 7.0.7.2, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

Data is provided by the National Vulnerability Database (NVD)
NetgearGs108tv2 Firmware Version < 5.4.2.36
   NetgearGs108tv2 Version-
NetgearGs110tpp Firmware Version < 7.0.7.2
   NetgearGs110tpp Version-
NetgearGs110tpv2 Firmware Version < 5.4.2.36
   NetgearGs110tpv2 Version-
NetgearGs308t Firmware Version < 1.0.3.2
   NetgearGs308t Version-
NetgearGs110tpv3 Firmware Version < 7.0.7.2
   NetgearGs110tpv3 Version-
NetgearGs310tp Firmware Version < 1.0.3.2
   NetgearGs310tp Version-
NetgearGs724tpp Firmware Version < 2.0.6.3
   NetgearGs724tpp Version-
NetgearGs724tpv2 Firmware Version < 2.0.6.3
   NetgearGs724tpv2 Version-
NetgearGs728tppv2 Firmware Version < 6.0.8.2
   NetgearGs728tppv2 Version-
NetgearGs728tpv2 Firmware Version < 6.0.8.2
   NetgearGs728tpv2 Version-
NetgearGs752tpp Firmware Version < 6.0.8.2
   NetgearGs752tpp Version-
NetgearGs752tpv2 Firmware Version < 6.0.8.2
   NetgearGs752tpv2 Version-
NetgearMs510txm Firmware Version < 1.0.4.2
   NetgearMs510txm Version-
NetgearMs510txup Firmware Version < 1.0.4.2
   NetgearMs510txup Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.5% 0.632
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
cve@mitre.org 7.5 1 6
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:H
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.