10
CVE-2021-45618
- EPSS 1.53%
- Published 26.12.2021 01:15:18
- Last modified 21.11.2024 06:32:41
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RAX120 before 1.2.0.16, RBS50Y before 1.0.0.56, WNR2000v5 before 1.0.0.76, XR450 before 2.3.2.114, XR500 before 2.3.2.114, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, EX6410 before 1.0.0.134, RBR10 before 2.6.1.44, RBR20 before 2.6.2.104, RBR40 before 2.6.2.104, RBR50 before 2.7.2.102, EX6420 before 1.0.0.134, RBS10 before 2.6.1.44, RBS20 before 2.6.2.104, RBS40 before 2.6.2.104, RBS50 before 2.7.2.102, EX6400v2 before 1.0.0.134, RBK12 before 2.6.1.44, RBK20 before 2.6.2.104, RBK40 before 2.6.2.104, and RBK50 before 2.7.2.102.
Data is provided by the National Vulnerability Database (NVD)
Netgear ≫ D7800 Firmware Version < 1.0.1.64
Netgear ≫ Ex6200v2 Firmware Version < 1.0.1.86
Netgear ≫ Ex6250 Firmware Version < 1.0.0.134
Netgear ≫ Ex7700 Firmware Version < 1.0.0.216
Netgear ≫ Ex8000 Firmware Version < 1.0.1.232
Netgear ≫ Lbr20 Firmware Version < 2.6.3.50
Netgear ≫ R7800 Firmware Version < 1.0.2.80
Netgear ≫ R8900 Firmware Version < 1.0.5.26
Netgear ≫ R9000 Firmware Version < 1.0.5.26
Netgear ≫ Rax120 Firmware Version < 1.2.0.16
Netgear ≫ Rbs50y Firmware Version < 1.0.0.56
Netgear ≫ Wnr2000v5 Firmware Version < 1.0.0.76
Netgear ≫ Xr450 Firmware Version < 2.3.2.114
Netgear ≫ Xr500 Firmware Version < 2.3.2.114
Netgear ≫ Xr700 Firmware Version < 1.0.1.36
Netgear ≫ Ex6150v2 Firmware Version < 1.0.1.98
Netgear ≫ Ex7300 Firmware Version < 1.0.2.158
Netgear ≫ Ex7320 Firmware Version < 1.0.0.134
Netgear ≫ Ex6100v2 Firmware Version < 1.0.1.98
Netgear ≫ Ex6400 Firmware Version < 1.0.2.158
Netgear ≫ Ex7300v2 Firmware Version < 1.0.0.134
Netgear ≫ Ex6410 Firmware Version < 1.0.0.134
Netgear ≫ Rbr10 Firmware Version < 2.6.1.44
Netgear ≫ Rbr20 Firmware Version < 2.6.2.104
Netgear ≫ Rbr40 Firmware Version < 2.6.2.104
Netgear ≫ Rbr50 Firmware Version < 2.7.2.102
Netgear ≫ Ex6420 Firmware Version < 1.0.0.134
Netgear ≫ Rbs10 Firmware Version < 2.6.1.44
Netgear ≫ Rbs20 Firmware Version < 2.6.2.104
Netgear ≫ Rbs40 Firmware Version < 2.6.2.104
Netgear ≫ Rbs50 Firmware Version < 2.7.2.102
Netgear ≫ Ex6400v2 Firmware Version < 1.0.0.134
Netgear ≫ Rbk12 Firmware Version < 2.6.1.44
Netgear ≫ Rbk20 Firmware Version < 2.6.2.104
Netgear ≫ Rbk40 Firmware Version < 2.6.2.104
Netgear ≫ Rbk50 Firmware Version < 2.7.2.102
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.53% | 0.795 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| cve@mitre.org | 9.6 | 2.8 | 6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.