Details of VAR-202103-1273

ID

VAR-202103-1273

CVE

CVE-2021-29070

TITLE

plural NETGEAR Command injection vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-004910

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. plural NETGEAR The product contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This affects RBK852 prior to 3.2.17.12, RBK853 prior to 3.2.17.12, RBK854 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, and RBS850 prior to 3.2.17.12

Trust: 1.71

sources: NVD: CVE-2021-29070 // JVNDB: JVNDB-2021-004910 // VULMON: CVE-2021-29070

AFFECTED PRODUCTS

vendor:	netgear	model:	rbk853	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rbr850	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rbs850	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rbk852	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rbk854	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	ネットギア	model:	rbk854	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk852	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs850	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr850	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk853	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-004910 // NVD: CVE-2021-29070

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-29070
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2021-29070
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-29070
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202103-1358
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-29070
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-29070
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-29070
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.7
impactScore:	6.0
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-004910
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-29070 // JVNDB: JVNDB-2021-004910 // CNNVD: CNNVD-202103-1358 // NVD: CVE-2021-29070 // NVD: CVE-2021-29070

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	Command injection (CWE-77) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-004910 // NVD: CVE-2021-29070

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1358

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202103-1358

PATCH

title:	Security Advisory for Post-Authentication Command Injection on Some WiFi Routers, PSV-2020-0530	url:	https://kb.netgear.com/000063019/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Routers-PSV-2020-0530	Trust: 0.8
title:	Netgear NETGEAR Fixes for command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145680	Trust: 0.6

sources: JVNDB: JVNDB-2021-004910 // CNNVD: CNNVD-202103-1358

EXTERNAL IDS

db:	NVD	id:	CVE-2021-29070	Trust: 2.5
db:	JVNDB	id:	JVNDB-2021-004910	Trust: 0.8
db:	CNNVD	id:	CNNVD-202103-1358	Trust: 0.6
db:	VULMON	id:	CVE-2021-29070	Trust: 0.1

sources: VULMON: CVE-2021-29070 // JVNDB: JVNDB-2021-004910 // CNNVD: CNNVD-202103-1358 // NVD: CVE-2021-29070

REFERENCES

url:	https://kb.netgear.com/000063019/security-advisory-for-post-authentication-command-injection-on-some-wifi-routers-psv-2020-0530	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-29070	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/77.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-29070 // JVNDB: JVNDB-2021-004910 // CNNVD: CNNVD-202103-1358 // NVD: CVE-2021-29070

SOURCES

db:	VULMON	id:	CVE-2021-29070
db:	JVNDB	id:	JVNDB-2021-004910
db:	CNNVD	id:	CNNVD-202103-1358
db:	NVD	id:	CVE-2021-29070

LAST UPDATE DATE

2024-11-23T22:11:05.212000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-29070	date:	2021-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-004910	date:	2021-12-02T06:31:00
db:	CNNVD	id:	CNNVD-202103-1358	date:	2021-03-30T00:00:00
db:	NVD	id:	CVE-2021-29070	date:	2024-11-21T06:00:38.747

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-29070	date:	2021-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-004910	date:	2021-12-02T00:00:00
db:	CNNVD	id:	CNNVD-202103-1358	date:	2021-03-23T00:00:00
db:	NVD	id:	CVE-2021-29070	date:	2021-03-23T07:15:13.483