CVE-2021-45548

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.60, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.128, EX6400 before 1.0.2.144, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6420 before 1.0.0.128, EX7300 before 1.0.2.144, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.5.26, R9000 before 1.0.5.2, RAX120 before 1.0.1.128, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.80, WNR2000v5 before 1.0.0.74, XR500 before 2.3.2.66, RBK20 before 2.7.3.22, RBR20 before 2.7.3.22, RBS20 before 2.7.3.22, RBK40 before 2.7.3.22, RBR40 before 2.7.3.22, and RBS40 before 2.7.3.22.

Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a D7800 versiones anteriores a 1.0.1.60, DM200 versiones anteriores a 1.0.0.66, EX2700 versiones anteriores a 1.0.1.56, EX6150v2 versiones anteriores a 1.0.1.86, EX6200v2 versiones anteriores a 1.0.1.86, EX6250 versiones anteriores a 1.0.0.128, EX6400 versiones anteriores a 1.0. 2.144, EX6400v2 versiones anteriores a 1.0.0.128, EX6410 versiones anteriores a 1.0.0.128, EX6420 versiones anteriores a 1.0.0.128, EX7300 versiones anteriores a 1.0.2.144, EX7300v2 versiones anteriores a 1.0.0.128, EX7320 versiones anteriores a 1.0.0.128, R7500v2 versiones anteriores a 1. 0.3.46, R7800 versiones anteriores a 1.0.2.74, R8900 versiones anteriores a 1.0.5.26, R9000 versiones anteriores a 1.0.5.2, RAX120 versiones anteriores a 1.0.1.128, WN3000RPv2 versiones anteriores a 1.0.0.78, WN3000RPv3 versiones anteriores a 1.0.2.80, WNR2000v5 versiones anteriores a 1. 0.0.74, XR500 versiones anteriores a 2.3.2.66, RBK20 versiones anteriores a 2.7.3.22, RBR20 versiones anteriores a 2.7.3.22, RBS20 versiones anteriores a 2.7.3.22, RBK40 versiones anteriores a 2.7.3.22, RBR40 versiones anteriores a 2.7.3.22 y RBS40 versiones anteriores a 2.7.3.22

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-12-25 CVE Reserved
2021-12-26 CVE Published
2024-08-04 CVE Updated
2024-10-06 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://kb.netgear.com/000064450/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2019-0207	2022-01-10

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Netgear Search vendor "Netgear"	D7800 Firmware Search vendor "Netgear" for product "D7800 Firmware"	< 1.0.1.60 Search vendor "Netgear" for product "D7800 Firmware" and version " < 1.0.1.60"	-	Affected	in	Netgear Search vendor "Netgear"	D7800 Search vendor "Netgear" for product "D7800"	-	-	Safe
Netgear Search vendor "Netgear"	Dm200 Firmware Search vendor "Netgear" for product "Dm200 Firmware"	< 1.0.0.66 Search vendor "Netgear" for product "Dm200 Firmware" and version " < 1.0.0.66"	-	Affected	in	Netgear Search vendor "Netgear"	Dm200 Search vendor "Netgear" for product "Dm200"	-	-	Safe
Netgear Search vendor "Netgear"	Ex2700 Firmware Search vendor "Netgear" for product "Ex2700 Firmware"	< 1.0.1.56 Search vendor "Netgear" for product "Ex2700 Firmware" and version " < 1.0.1.56"	-	Affected	in	Netgear Search vendor "Netgear"	Ex2700 Search vendor "Netgear" for product "Ex2700"	-	-	Safe
Netgear Search vendor "Netgear"	Ex6150v2 Firmware Search vendor "Netgear" for product "Ex6150v2 Firmware"	< 1.0.1.86 Search vendor "Netgear" for product "Ex6150v2 Firmware" and version " < 1.0.1.86"	-	Affected	in	Netgear Search vendor "Netgear"	Ex6150v2 Search vendor "Netgear" for product "Ex6150v2"	-	-	Safe
Netgear Search vendor "Netgear"	Ex6200v2 Firmware Search vendor "Netgear" for product "Ex6200v2 Firmware"	< 1.0.1.86 Search vendor "Netgear" for product "Ex6200v2 Firmware" and version " < 1.0.1.86"	-	Affected	in	Netgear Search vendor "Netgear"	Ex6200v2 Search vendor "Netgear" for product "Ex6200v2"	-	-	Safe
Netgear Search vendor "Netgear"	Ex6250 Firmware Search vendor "Netgear" for product "Ex6250 Firmware"	< 1.0.0.128 Search vendor "Netgear" for product "Ex6250 Firmware" and version " < 1.0.0.128"	-	Affected	in	Netgear Search vendor "Netgear"	Ex6250 Search vendor "Netgear" for product "Ex6250"	-	-	Safe
Netgear Search vendor "Netgear"	Ex6400 Firmware Search vendor "Netgear" for product "Ex6400 Firmware"	< 1.0.2.144 Search vendor "Netgear" for product "Ex6400 Firmware" and version " < 1.0.2.144"	-	Affected	in	Netgear Search vendor "Netgear"	Ex6400 Search vendor "Netgear" for product "Ex6400"	-	-	Safe
Netgear Search vendor "Netgear"	Ex6400v2 Firmware Search vendor "Netgear" for product "Ex6400v2 Firmware"	< 1.0.0.128 Search vendor "Netgear" for product "Ex6400v2 Firmware" and version " < 1.0.0.128"	-	Affected	in	Netgear Search vendor "Netgear"	Ex6400v2 Search vendor "Netgear" for product "Ex6400v2"	-	-	Safe
Netgear Search vendor "Netgear"	Ex6410 Firmware Search vendor "Netgear" for product "Ex6410 Firmware"	< 1.0.0.128 Search vendor "Netgear" for product "Ex6410 Firmware" and version " < 1.0.0.128"	-	Affected	in	Netgear Search vendor "Netgear"	Ex6410 Search vendor "Netgear" for product "Ex6410"	-	-	Safe
Netgear Search vendor "Netgear"	Ex6420 Firmware Search vendor "Netgear" for product "Ex6420 Firmware"	< 1.0.0.128 Search vendor "Netgear" for product "Ex6420 Firmware" and version " < 1.0.0.128"	-	Affected	in	Netgear Search vendor "Netgear"	Ex6420 Search vendor "Netgear" for product "Ex6420"	-	-	Safe
Netgear Search vendor "Netgear"	Ex7300 Firmware Search vendor "Netgear" for product "Ex7300 Firmware"	< 1.0.2.144 Search vendor "Netgear" for product "Ex7300 Firmware" and version " < 1.0.2.144"	-	Affected	in	Netgear Search vendor "Netgear"	Ex7300 Search vendor "Netgear" for product "Ex7300"	-	-	Safe
Netgear Search vendor "Netgear"	Ex7300v2 Firmware Search vendor "Netgear" for product "Ex7300v2 Firmware"	< 1.0.0.128 Search vendor "Netgear" for product "Ex7300v2 Firmware" and version " < 1.0.0.128"	-	Affected	in	Netgear Search vendor "Netgear"	Ex7300v2 Search vendor "Netgear" for product "Ex7300v2"	-	-	Safe
Netgear Search vendor "Netgear"	Ex7320 Firmware Search vendor "Netgear" for product "Ex7320 Firmware"	< 1.0.0.128 Search vendor "Netgear" for product "Ex7320 Firmware" and version " < 1.0.0.128"	-	Affected	in	Netgear Search vendor "Netgear"	Ex7320 Search vendor "Netgear" for product "Ex7320"	-	-	Safe
Netgear Search vendor "Netgear"	R7500v2 Firmware Search vendor "Netgear" for product "R7500v2 Firmware"	< 1.0.3.46 Search vendor "Netgear" for product "R7500v2 Firmware" and version " < 1.0.3.46"	-	Affected	in	Netgear Search vendor "Netgear"	R7500v2 Search vendor "Netgear" for product "R7500v2"	-	-	Safe
Netgear Search vendor "Netgear"	R7800 Firmware Search vendor "Netgear" for product "R7800 Firmware"	< 1.0.2.74 Search vendor "Netgear" for product "R7800 Firmware" and version " < 1.0.2.74"	-	Affected	in	Netgear Search vendor "Netgear"	R7800 Search vendor "Netgear" for product "R7800"	-	-	Safe
Netgear Search vendor "Netgear"	R8900 Firmware Search vendor "Netgear" for product "R8900 Firmware"	< 1.0.5.26 Search vendor "Netgear" for product "R8900 Firmware" and version " < 1.0.5.26"	-	Affected	in	Netgear Search vendor "Netgear"	R8900 Search vendor "Netgear" for product "R8900"	-	-	Safe
Netgear Search vendor "Netgear"	R9000 Firmware Search vendor "Netgear" for product "R9000 Firmware"	< 1.0.5.2 Search vendor "Netgear" for product "R9000 Firmware" and version " < 1.0.5.2"	-	Affected	in	Netgear Search vendor "Netgear"	R9000 Search vendor "Netgear" for product "R9000"	-	-	Safe
Netgear Search vendor "Netgear"	Rax120 Firmware Search vendor "Netgear" for product "Rax120 Firmware"	< 1.0.1.128 Search vendor "Netgear" for product "Rax120 Firmware" and version " < 1.0.1.128"	-	Affected	in	Netgear Search vendor "Netgear"	Rax120 Search vendor "Netgear" for product "Rax120"	-	-	Safe
Netgear Search vendor "Netgear"	Wn3000rpv2 Firmware Search vendor "Netgear" for product "Wn3000rpv2 Firmware"	< 1.0.0.78 Search vendor "Netgear" for product "Wn3000rpv2 Firmware" and version " < 1.0.0.78"	-	Affected	in	Netgear Search vendor "Netgear"	Wn3000rpv2 Search vendor "Netgear" for product "Wn3000rpv2"	-	-	Safe
Netgear Search vendor "Netgear"	Wn3000rpv3 Firmware Search vendor "Netgear" for product "Wn3000rpv3 Firmware"	< 1.0.2.80 Search vendor "Netgear" for product "Wn3000rpv3 Firmware" and version " < 1.0.2.80"	-	Affected	in	Netgear Search vendor "Netgear"	Wn3000rpv3 Search vendor "Netgear" for product "Wn3000rpv3"	-	-	Safe
Netgear Search vendor "Netgear"	Wnr2000v5 Firmware Search vendor "Netgear" for product "Wnr2000v5 Firmware"	< 1.0.0.74 Search vendor "Netgear" for product "Wnr2000v5 Firmware" and version " < 1.0.0.74"	-	Affected	in	Netgear Search vendor "Netgear"	Wnr2000v5 Firmware Search vendor "Netgear" for product "Wnr2000v5 Firmware"	-	-	Safe
Netgear Search vendor "Netgear"	Xr500 Firmware Search vendor "Netgear" for product "Xr500 Firmware"	< 2.3.2.66 Search vendor "Netgear" for product "Xr500 Firmware" and version " < 2.3.2.66"	-	Affected	in	Netgear Search vendor "Netgear"	Xr500 Search vendor "Netgear" for product "Xr500"	-	-	Safe
Netgear Search vendor "Netgear"	Rbk20 Firmware Search vendor "Netgear" for product "Rbk20 Firmware"	< 2.7.3.22 Search vendor "Netgear" for product "Rbk20 Firmware" and version " < 2.7.3.22"	-	Affected	in	Netgear Search vendor "Netgear"	Rbk20 Search vendor "Netgear" for product "Rbk20"	-	-	Safe
Netgear Search vendor "Netgear"	Rbr20 Firmware Search vendor "Netgear" for product "Rbr20 Firmware"	< 2.7.3.22 Search vendor "Netgear" for product "Rbr20 Firmware" and version " < 2.7.3.22"	-	Affected	in	Netgear Search vendor "Netgear"	Rbr20 Search vendor "Netgear" for product "Rbr20"	-	-	Safe
Netgear Search vendor "Netgear"	Rbs20 Firmware Search vendor "Netgear" for product "Rbs20 Firmware"	< 2.7.3.22 Search vendor "Netgear" for product "Rbs20 Firmware" and version " < 2.7.3.22"	-	Affected	in	Netgear Search vendor "Netgear"	Rbs20 Search vendor "Netgear" for product "Rbs20"	-	-	Safe
Netgear Search vendor "Netgear"	Rbk40 Firmware Search vendor "Netgear" for product "Rbk40 Firmware"	< 2.7.3.22 Search vendor "Netgear" for product "Rbk40 Firmware" and version " < 2.7.3.22"	-	Affected	in	Netgear Search vendor "Netgear"	Rbk40 Search vendor "Netgear" for product "Rbk40"	-	-	Safe
Netgear Search vendor "Netgear"	Rbr40 Firmware Search vendor "Netgear" for product "Rbr40 Firmware"	< 2.7.3.22 Search vendor "Netgear" for product "Rbr40 Firmware" and version " < 2.7.3.22"	-	Affected	in	Netgear Search vendor "Netgear"	Rbr40 Search vendor "Netgear" for product "Rbr40"	-	-	Safe
Netgear Search vendor "Netgear"	Rbs40 Firmware Search vendor "Netgear" for product "Rbs40 Firmware"	< 2.7.3.22 Search vendor "Netgear" for product "Rbs40 Firmware" and version " < 2.7.3.22"	-	Affected	in	Netgear Search vendor "Netgear"	Rbs40 Search vendor "Netgear" for product "Rbs40"	-	-	Safe