CVE-2021-45595

EPSS 0.15%
Published 26.12.2021 01:15:17
Last modified 21.11.2024 06:32:37
Source cve@mitre.org
Teams watchlist Login
Open Login

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Netgear ≫ Lbr20 Firmware Version < 2.6.3.50

Netgear ≫ Lbr20 Version-

Netgear ≫ Rbs50y Firmware Version < 2.7.3.22

Netgear ≫ Rbs50y Version-

Netgear ≫ Rbr10 Firmware Version < 2.7.3.22

Netgear ≫ Rbr10 Version-

Netgear ≫ Rbr20 Firmware Version < 2.7.3.22

Netgear ≫ Rbr20 Version-

Netgear ≫ Rbr40 Firmware Version < 2.7.3.22

Netgear ≫ Rbr40 Version-

Netgear ≫ Rbr50 Firmware Version < 2.7.3.22

Netgear ≫ Rbr50 Version-

Netgear ≫ Rbs10 Firmware Version < 2.7.3.22

Netgear ≫ Rbs10 Version-

Netgear ≫ Rbs20 Firmware Version < 2.7.3.22

Netgear ≫ Rbs20 Version-

Netgear ≫ Rbs40 Firmware Version < 2.7.3.22

Netgear ≫ Rbs40 Version-

Netgear ≫ Rbs50 Firmware Version < 2.7.3.22

Netgear ≫ Rbs50 Version-

Netgear ≫ Rbk12 Firmware Version < 2.7.3.22

Netgear ≫ Rbk12 Version-

Netgear ≫ Rbk20 Firmware Version < 2.7.3.22

Netgear ≫ Rbk20 Version-

Netgear ≫ Rbk40 Firmware Version < 2.7.3.22

Netgear ≫ Rbk40 Version-

Netgear ≫ Rbk50 Firmware Version < 2.7.3.22

Netgear ≫ Rbk50 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.358

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
cve@mitre.org	7.6	1	6	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

https://kb.netgear.com/000064495/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0462

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-45595

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-45595

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-45595

EUVD