9.8

CVE-2021-45658

Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6100v2 before 1.0.1.86, EX6200v2 before 1.0.1.78, EX6250 before 1.0.0.110, EX6410 before 1.0.0.110, EX6420 before 1.0.0.110, EX6400v2 before 1.0.0.110, EX7300 before 1.0.2.144, EX6400 before 1.0.2.144, EX7320 before 1.0.0.110, EX7300v2 before 1.0.0.110, R7500v2 before 1.0.3.48, R7800 before 1.0.2.68, R8900 before 1.0.5.2, R9000 before 1.0.5.2, RAX120 before 1.0.1.90, RBK40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, RBS50Y before 2.6.1.40, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.80, WNR2000v5 before 1.0.0.72, XR500 before 2.3.2.56, and XR700 before 1.0.1.20.

Data is provided by the National Vulnerability Database (NVD)
NetgearD7800 Firmware Version < 1.0.1.58
   NetgearD7800 Version-
NetgearDm200 Firmware Version < 1.0.0.66
   NetgearDm200 Version-
NetgearEx2700 Firmware Version < 1.0.1.56
   NetgearEx2700 Version-
NetgearEx6150v2 Firmware Version < 1.0.1.86
   NetgearEx6150v2 Version-
NetgearEx6100v2 Firmware Version < 1.0.1.86
   NetgearEx6100v2 Version-
NetgearEx6200v2 Firmware Version < 1.0.1.78
   NetgearEx6200v2 Version-
NetgearEx6250 Firmware Version < 1.0.0.110
   NetgearEx6250 Version-
NetgearEx6410 Firmware Version < 1.0.0.110
   NetgearEx6410 Version-
NetgearEx6420 Firmware Version < 1.0.0.110
   NetgearEx6420 Version-
NetgearEx6400v2 Firmware Version < 1.0.0.110
   NetgearEx6400v2 Version-
NetgearEx7300 Firmware Version < 1.0.2.144
   NetgearEx7300 Version-
NetgearEx6400 Firmware Version < 1.0.2.144
   NetgearEx6400 Version-
NetgearEx7320 Firmware Version < 1.0.0.110
   NetgearEx7320 Version-
NetgearEx7300v2 Firmware Version < 1.0.0.110
   NetgearEx7300v2 Version-
NetgearR7500v2 Firmware Version < 1.0.3.48
   NetgearR7500v2 Version-
NetgearR7800 Firmware Version < 1.0.2.68
   NetgearR7800 Version-
NetgearR8900 Firmware Version < 1.0.5.2
   NetgearR8900 Version-
NetgearR9000 Firmware Version < 1.0.5.2
   NetgearR9000 Version-
NetgearRax120 Firmware Version < 1.0.1.90
   NetgearRax120 Version-
NetgearRbk40 Firmware Version < 2.5.1.16
   NetgearRbk40 Version-
NetgearRbk20 Firmware Version < 2.5.1.16
   NetgearRbk20 Version-
NetgearRbr20 Firmware Version < 2.5.1.16
   NetgearRbr20 Version-
NetgearRbs20 Firmware Version < 2.5.1.16
   NetgearRbs20 Version-
NetgearRbk50 Firmware Version < 2.5.1.16
   NetgearRbk50 Version-
NetgearRbr50 Firmware Version < 2.5.1.16
   NetgearRbr50 Version-
NetgearRbs50 Firmware Version < 2.5.1.16
   NetgearRbs50 Version-
NetgearRbs50y Firmware Version < 2.6.1.40
   NetgearRbs50y Version-
NetgearWn3000rpv2 Firmware Version < 1.0.0.78
   NetgearWn3000rpv2 Version-
NetgearWn3000rpv3 Firmware Version < 1.0.2.80
   NetgearWn3000rpv3 Version-
NetgearWnr2000v5 Firmware Version < 1.0.0.72
   NetgearWnr2000v5 Version-
NetgearXr500 Firmware Version < 2.3.2.56
   NetgearXr500 Version-
NetgearXr700 Firmware Version < 1.0.1.20
   NetgearXr700 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.36% 0.575
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
cve@mitre.org 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.