10
CVE-2021-45619
- EPSS 0.87%
- Veröffentlicht 26.12.2021 01:15:18
- Zuletzt bearbeitet 21.11.2024 06:32:41
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR1020 before 2.6.3.58, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RBS50Y before 2.7.3.22, WNR2000v5 before 1.0.0.76, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, RAX10 before 1.0.2.88, RAX120 before 1.2.0.16, RAX70 before 1.0.2.88, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, R6700AX before 1.0.2.88, RAX120v2 before 1.2.0.16, RAX78 before 1.0.2.88, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR350 before 4.3.4.7, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS350 before 4.3.4.7, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK352 before 4.3.4.7, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Netgear ≫ Ex6250 Firmware Version < 1.0.0.134
Netgear ≫ Ex7700 Firmware Version < 1.0.0.216
Netgear ≫ Ex8000 Firmware Version < 1.0.1.232
Netgear ≫ Lbr1020 Firmware Version < 2.6.3.58
Netgear ≫ Lbr20 Firmware Version < 2.6.3.50
Netgear ≫ R7800 Firmware Version < 1.0.2.80
Netgear ≫ R8900 Firmware Version < 1.0.5.26
Netgear ≫ Rbs50y Firmware Version < 2.7.3.22
Netgear ≫ Wnr2000v5 Firmware Version < 1.0.0.76
Netgear ≫ Xr700 Firmware Version < 1.0.1.36
Netgear ≫ Ex6150v2 Firmware Version < 1.0.1.98
Netgear ≫ Ex7300 Firmware Version < 1.0.2.158
Netgear ≫ Ex7320 Firmware Version < 1.0.0.134
Netgear ≫ Rax10 Firmware Version < 1.0.2.88
Netgear ≫ Rax120 Firmware Version < 1.2.0.16
Netgear ≫ Rax70 Firmware Version < 1.0.2.88
Netgear ≫ Ex6100v2 Firmware Version < 1.0.1.98
Netgear ≫ Ex6400 Firmware Version < 1.0.2.158
Netgear ≫ Ex7300v2 Firmware Version < 1.0.0.134
Netgear ≫ R6700ax Firmware Version < 1.0.2.88
Netgear ≫ Rax120v2 Firmware Version < 1.2.0.16
Netgear ≫ Rax78 Firmware Version < 1.0.2.88
Netgear ≫ Ex6410 Firmware Version < 1.0.0.134
Netgear ≫ Rbr10 Firmware Version < 2.7.3.22
Netgear ≫ Rbr20 Firmware Version < 2.7.3.22
Netgear ≫ Rbr350 Firmware Version < 4.3.4.7
Netgear ≫ Rbr40 Firmware Version < 2.7.3.22
Netgear ≫ Rbr50 Firmware Version < 2.7.3.22
Netgear ≫ Ex6420 Firmware Version < 1.0.0.134
Netgear ≫ Rbs10 Firmware Version < 2.7.3.22
Netgear ≫ Rbs20 Firmware Version < 2.7.3.22
Netgear ≫ Rbs350 Firmware Version < 4.3.4.7
Netgear ≫ Rbs40 Firmware Version < 2.7.3.22
Netgear ≫ Rbs50 Firmware Version < 2.7.3.22
Netgear ≫ Ex6400v2 Firmware Version < 1.0.0.134
Netgear ≫ Rbk12 Firmware Version < 2.7.3.22
Netgear ≫ Rbk20 Firmware Version < 2.7.3.22
Netgear ≫ Rbk352 Firmware Version < 4.3.4.7
Netgear ≫ Rbk40 Firmware Version < 2.7.3.22
Netgear ≫ Rbk50 Firmware Version < 2.7.3.22
Netgear ≫ Ex6200v2 Firmware Version < 1.0.1.86
Netgear ≫ R9000 Firmware Version < 1.0.5.26
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.87% | 0.742 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| cve@mitre.org | 9.6 | 2.8 | 6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.