CVE-2021-45658

EPSS 0.36%
Veröffentlicht 26.12.2021 01:15:20
Zuletzt bearbeitet 21.11.2024 06:32:48
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6100v2 before 1.0.1.86, EX6200v2 before 1.0.1.78, EX6250 before 1.0.0.110, EX6410 before 1.0.0.110, EX6420 before 1.0.0.110, EX6400v2 before 1.0.0.110, EX7300 before 1.0.2.144, EX6400 before 1.0.2.144, EX7320 before 1.0.0.110, EX7300v2 before 1.0.0.110, R7500v2 before 1.0.3.48, R7800 before 1.0.2.68, R8900 before 1.0.5.2, R9000 before 1.0.5.2, RAX120 before 1.0.1.90, RBK40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, RBS50Y before 2.6.1.40, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.80, WNR2000v5 before 1.0.0.72, XR500 before 2.3.2.56, and XR700 before 1.0.1.20.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netgear ≫ D7800 Firmware Version < 1.0.1.58

Netgear ≫ D7800 Version-

Netgear ≫ Dm200 Firmware Version < 1.0.0.66

Netgear ≫ Dm200 Version-

Netgear ≫ Ex2700 Firmware Version < 1.0.1.56

Netgear ≫ Ex2700 Version-

Netgear ≫ Ex6150v2 Firmware Version < 1.0.1.86

Netgear ≫ Ex6150v2 Version-

Netgear ≫ Ex6100v2 Firmware Version < 1.0.1.86

Netgear ≫ Ex6100v2 Version-

Netgear ≫ Ex6200v2 Firmware Version < 1.0.1.78

Netgear ≫ Ex6200v2 Version-

Netgear ≫ Ex6250 Firmware Version < 1.0.0.110

Netgear ≫ Ex6250 Version-

Netgear ≫ Ex6410 Firmware Version < 1.0.0.110

Netgear ≫ Ex6410 Version-

Netgear ≫ Ex6420 Firmware Version < 1.0.0.110

Netgear ≫ Ex6420 Version-

Netgear ≫ Ex6400v2 Firmware Version < 1.0.0.110

Netgear ≫ Ex6400v2 Version-

Netgear ≫ Ex7300 Firmware Version < 1.0.2.144

Netgear ≫ Ex7300 Version-

Netgear ≫ Ex6400 Firmware Version < 1.0.2.144

Netgear ≫ Ex6400 Version-

Netgear ≫ Ex7320 Firmware Version < 1.0.0.110

Netgear ≫ Ex7320 Version-

Netgear ≫ Ex7300v2 Firmware Version < 1.0.0.110

Netgear ≫ Ex7300v2 Version-

Netgear ≫ R7500v2 Firmware Version < 1.0.3.48

Netgear ≫ R7500v2 Version-

Netgear ≫ R7800 Firmware Version < 1.0.2.68

Netgear ≫ R7800 Version-

Netgear ≫ R8900 Firmware Version < 1.0.5.2

Netgear ≫ R8900 Version-

Netgear ≫ R9000 Firmware Version < 1.0.5.2

Netgear ≫ R9000 Version-

Netgear ≫ Rax120 Firmware Version < 1.0.1.90

Netgear ≫ Rax120 Version-

Netgear ≫ Rbk40 Firmware Version < 2.5.1.16

Netgear ≫ Rbk40 Version-

Netgear ≫ Rbk20 Firmware Version < 2.5.1.16

Netgear ≫ Rbk20 Version-

Netgear ≫ Rbr20 Firmware Version < 2.5.1.16

Netgear ≫ Rbr20 Version-

Netgear ≫ Rbs20 Firmware Version < 2.5.1.16

Netgear ≫ Rbs20 Version-

Netgear ≫ Rbk50 Firmware Version < 2.5.1.16

Netgear ≫ Rbk50 Version-

Netgear ≫ Rbr50 Firmware Version < 2.5.1.16

Netgear ≫ Rbr50 Version-

Netgear ≫ Rbs50 Firmware Version < 2.5.1.16

Netgear ≫ Rbs50 Version-

Netgear ≫ Rbs50y Firmware Version < 2.6.1.40

Netgear ≫ Rbs50y Version-

Netgear ≫ Wn3000rpv2 Firmware Version < 1.0.0.78

Netgear ≫ Wn3000rpv2 Version-

Netgear ≫ Wn3000rpv3 Firmware Version < 1.0.2.80

Netgear ≫ Wn3000rpv3 Version-

Netgear ≫ Wnr2000v5 Firmware Version < 1.0.0.72

Netgear ≫ Wnr2000v5 Version-

Netgear ≫ Xr500 Firmware Version < 2.3.2.56

Netgear ≫ Xr500 Version-

Netgear ≫ Xr700 Firmware Version < 1.0.1.20

Netgear ≫ Xr700 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.575

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
cve@mitre.org	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

https://kb.netgear.com/000064062/Security-Advisory-for-Server-Side-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2019-0125

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-45658

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-45658

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-45658

EUVD