CVE-2021-45548

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.60, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.128, EX6400 before 1.0.2.144, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6420 before 1.0.0.128, EX7300 before 1.0.2.144, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.5.26, R9000 before 1.0.5.2, RAX120 before 1.0.1.128, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.80, WNR2000v5 before 1.0.0.74, XR500 before 2.3.2.66, RBK20 before 2.7.3.22, RBR20 before 2.7.3.22, RBS20 before 2.7.3.22, RBK40 before 2.7.3.22, RBR40 before 2.7.3.22, and RBS40 before 2.7.3.22.

CVSS v3.0 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://kb.netgear.com/000064450/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2019-0207	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netgear:ex6200v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6200v2:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netgear:r7500v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7500v2:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:netgear:wn3000rpv2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wn3000rpv2:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:netgear:wn3000rpv3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wn3000rpv3:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:netgear:wnr2000v5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:netgear:wnr2000v5_firmware:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*

Information

Published : 2021-12-25 17:15

Updated : 2022-01-10 08:06

NVD link : CVE-2021-45548

Mitre link : CVE-2021-45548

JSON object : View

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Products Affected

netgear

ex6400v2
rbk40_firmware
dm200
wn3000rpv2
rbk20_firmware
r7800
ex6150v2_firmware
r9000_firmware
ex6400
ex6200v2_firmware
ex2700
ex6150v2
r8900
rbs40_firmware
rbr40_firmware
wn3000rpv2_firmware
rbs20_firmware
wn3000rpv3_firmware
d7800_firmware
r7800_firmware
xr500_firmware
d7800
wn3000rpv3
ex7300_firmware
rbk40
ex2700_firmware
ex6200v2
ex7300v2
rbr40
ex6420_firmware
ex6420
ex6400v2_firmware
dm200_firmware
r7500v2
r8900_firmware
rax120_firmware
rbr20
ex6410
rax120
rbs20
ex7300
r7500v2_firmware
wnr2000v5_firmware
ex6250
ex6400_firmware
xr500
ex7320
r9000
ex6410_firmware
ex7320_firmware
ex7300v2_firmware
rbr20_firmware
ex6250_firmware
rbs40
rbk20

8.8 /10