ID

VAR-202103-1272


CVE

CVE-2021-29069


TITLE

Command injection vulnerabilities in multiple NETGEAR products

Trust: 0.8

sources: JVNDB: JVNDB-2021-004911

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76. Multiple NETGEAR products contain a command injection vulnerability. As a result, information may be obtained or tampered with, and a denial-of-service (DoS) condition may occur.

Trust: 1.71

sources: NVD: CVE-2021-29069 // JVNDB: JVNDB-2021-004911 // VULMON: CVE-2021-29069

AFFECTED PRODUCTS

vendor: netgear, model: wnr2000v5, scope: lt, version: 1.0.0.76

Trust: 1.0

vendor: netgear, model: xr500, scope: lt, version: 2.3.2.114

Trust: 1.0

vendor: netgear, model: xr450, scope: lt, version: 2.3.2.114

Trust: 1.0

vendor: NETGEAR (ネットギア), model: wnr2000v5, scope: -, version: -

Trust: 0.8

vendor: NETGEAR (ネットギア), model: xr450, scope: -, version: -

Trust: 0.8

vendor: NETGEAR (ネットギア), model: xr500, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-004911 // NVD: CVE-2021-29069

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-29069
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2021-29069
value: HIGH

Trust: 1.0

NVD: CVE-2021-29069
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202103-1357
value: HIGH

Trust: 0.6

VULMON: CVE-2021-29069
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-29069
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CVSSV3

nvd@nist.gov: CVE-2021-29069
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.7
impactScore: 6.0
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2021-29069
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.7
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-29069
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-29069 // JVNDB: JVNDB-2021-004911 // CNNVD: CNNVD-202103-1357 // NVD: CVE-2021-29069 // NVD: CVE-2021-29069

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

problemtype: Command injection (CWE-77) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-004911 // NVD: CVE-2021-29069

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1357

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202103-1357

PATCH

title: Security Advisory for Post-Authentication Command Injection on Some Routers, PSV-2020-0595
url: https://kb.netgear.com/000063023/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2020-0595

Trust: 0.8

title: Multiple Netgear Product Command Injection Vulnerability Fixes
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145679

Trust: 0.6

sources: JVNDB: JVNDB-2021-004911 // CNNVD: CNNVD-202103-1357

EXTERNAL IDS

db: NVD, id: CVE-2021-29069

Trust: 2.5

db: JVNDB, id: JVNDB-2021-004911

Trust: 0.8

db: CNNVD, id: CNNVD-202103-1357

Trust: 0.6

db: VULMON, id: CVE-2021-29069

Trust: 0.1

sources: VULMON: CVE-2021-29069 // JVNDB: JVNDB-2021-004911 // CNNVD: CNNVD-202103-1357 // NVD: CVE-2021-29069

REFERENCES

url: https://kb.netgear.com/000063023/security-advisory-for-post-authentication-command-injection-on-some-routers-psv-2020-0595

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-29069

Trust: 1.4

url: https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-29069 // JVNDB: JVNDB-2021-004911 // CNNVD: CNNVD-202103-1357 // NVD: CVE-2021-29069

SOURCES

db: VULMON, id: CVE-2021-29069
db: JVNDB, id: JVNDB-2021-004911
db: CNNVD, id: CNNVD-202103-1357
db: NVD, id: CVE-2021-29069

LAST UPDATE DATE

2024-11-23T22:44:14.893000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-29069, date: 2021-03-26T00:00:00
db: JVNDB, id: JVNDB-2021-004911, date: 2021-12-02T06:37:00
db: CNNVD, id: CNNVD-202103-1357, date: 2021-03-30T00:00:00
db: NVD, id: CVE-2021-29069, date: 2024-11-21T06:00:38.587

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-29069, date: 2021-03-23T00:00:00
db: JVNDB, id: JVNDB-2021-004911, date: 2021-12-02T00:00:00
db: CNNVD, id: CNNVD-202103-1357, date: 2021-03-23T00:00:00
db: NVD, id: CVE-2021-29069, date: 2021-03-23T07:15:13.390