CVE-2021-45557

EPSS 0.53%
Veröffentlicht 26.12.2021 01:15:15
Zuletzt bearbeitet 21.11.2024 06:32:30
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TUP before 1.0.5.3, GS710TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS724TPP before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS750E before 1.0.1.10, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netgear ≫ Gc108p Firmware Version < 1.0.8.2

Netgear ≫ Gc108p Version-

Netgear ≫ Gc108pp Firmware Version < 1.0.8.2

Netgear ≫ Gc108pp Version-

Netgear ≫ Gs108tv3 Firmware Version < 7.0.7.2

Netgear ≫ Gs108tv3 Version-

Netgear ≫ Gs110tpv3 Firmware Version < 7.0.7.2

Netgear ≫ Gs110tpv3 Version-

Netgear ≫ Gs110tpp Firmware Version < 7.0.7.2

Netgear ≫ Gs110tpp Version-

Netgear ≫ Gs110tup Firmware Version < 1.0.5.3

Netgear ≫ Gs110tup Version-

Netgear ≫ Gs710tup Firmware Version < 1.0.5.3

Netgear ≫ Gs710tup Version-

Netgear ≫ Gs308t Firmware Version < 1.0.3.2

Netgear ≫ Gs308t Version-

Netgear ≫ Gs310tp Firmware Version < 1.0.3.2

Netgear ≫ Gs310tp Version-

Netgear ≫ Gs710tup Firmware Version < 1.0.5.3

Netgear ≫ Gs710tup Version-

Netgear ≫ Gs716tp Firmware Version < 1.0.4.2

Netgear ≫ Gs716tp Version-

Netgear ≫ Gs716tpp Firmware Version < 1.0.4.2

Netgear ≫ Gs716tpp Version-

Netgear ≫ Gs724tpp Firmware Version < 2.0.6.3

Netgear ≫ Gs724tpp Version-

Netgear ≫ Gs724tpv2 Firmware Version < 2.0.6.3

Netgear ≫ Gs724tpv2 Version-

Netgear ≫ Gs724tpp Firmware Version < 2.0.6.3

Netgear ≫ Gs724tpp Version-

Netgear ≫ Gs728tppv2 Firmware Version < 6.0.8.2

Netgear ≫ Gs728tppv2 Version-

Netgear ≫ Gs728tpv2 Firmware Version < 6.0.8.2

Netgear ≫ Gs728tpv2 Version-

Netgear ≫ Gs752tpv2 Firmware Version < 6.0.8.2

Netgear ≫ Gs752tpv2 Version-

Netgear ≫ Gs752tpp Firmware Version < 6.0.8.2

Netgear ≫ Gs752tpp Version-

Netgear ≫ Gs750e Firmware Version < 1.0.1.10

Netgear ≫ Gs750e Version-

Netgear ≫ Ms510txm Firmware Version < 1.0.4.2

Netgear ≫ Ms510txm Version-

Netgear ≫ Ms510txup Firmware Version < 1.0.4.2

Netgear ≫ Ms510txup Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.53%	0.646

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
cve@mitre.org	7.5	1	6	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:H

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

https://kb.netgear.com/000064164/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Switches-PSV-2021-0167

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-45557

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-45557

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-45557

EUVD