CVE-2021-45614

EPSS 0.92%
Veröffentlicht 26.12.2021 01:15:18
Zuletzt bearbeitet 21.11.2024 06:32:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netgear ≫ D7000v2 Firmware Version < 1.0.0.74

Netgear ≫ D7000v2 Version-

Netgear ≫ Lax20 Firmware Version < 1.1.6.28

Netgear ≫ Lax20 Version-

Netgear ≫ Mk62 Firmware Version < 1.0.6.116

Netgear ≫ Mk62 Version-

Netgear ≫ Mr60 Firmware Version < 1.0.6.116

Netgear ≫ Mr60 Version-

Netgear ≫ Ms60 Firmware Version < 1.0.6.116

Netgear ≫ Ms60 Version-

Netgear ≫ Rax15 Firmware Version < 1.0.3.96

Netgear ≫ Rax15 Version-

Netgear ≫ Rax20 Firmware Version < 1.0.3.96

Netgear ≫ Rax20 Version-

Netgear ≫ Rax200 Firmware Version < 1.0.4.120

Netgear ≫ Rax200 Version-

Netgear ≫ Rax45 Firmware Version < 1.0.3.96

Netgear ≫ Rax45 Version-

Netgear ≫ Rax50 Firmware Version < 1.0.3.96

Netgear ≫ Rax50 Version-

Netgear ≫ Rax43 Firmware Version < 1.0.3.96

Netgear ≫ Rax43 Version-

Netgear ≫ Rax40v2 Firmware Version < 1.0.3.96

Netgear ≫ Rax40v2 Version-

Netgear ≫ Rax35v2 Firmware Version < 1.0.3.96

Netgear ≫ Rax35v2 Version-

Netgear ≫ Rax75 Firmware Version < 1.0.4.120

Netgear ≫ Rax75 Version-

Netgear ≫ Rax80 Firmware Version < 1.0.4.120

Netgear ≫ Rax80 Version-

Netgear ≫ Rbk752 Firmware Version < 3.2.17.12

Netgear ≫ Rbk752 Version-

Netgear ≫ Rbr750 Firmware Version < 3.2.17.12

Netgear ≫ Rbr750 Version-

Netgear ≫ Rbs750 Firmware Version < 3.2.17.12

Netgear ≫ Rbs750 Version-

Netgear ≫ Rbk852 Firmware Version < 3.2.17.12

Netgear ≫ Rbk852 Version-

Netgear ≫ Rbr850 Firmware Version < 3.2.17.12

Netgear ≫ Rbr850 Version-

Netgear ≫ Rbs850 Firmware Version < 3.2.17.12

Netgear ≫ Rbs850 Version-

Netgear ≫ Xr1000 Firmware Version < 1.0.0.58

Netgear ≫ Xr1000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.92%	0.752

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
cve@mitre.org	9.6	2.8	6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

https://kb.netgear.com/000064141/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0520

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-45614

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-45614

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-45614

EUVD