ID

VAR-202103-1274


CVE

CVE-2021-29071


TITLE

Command injection vulnerabilities in multiple NETGEAR devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-004577

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBR752 before 3.2.17.12, RBR753 before 3.2.17.12, RBR753S before 3.2.17.12, RBR754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. A command injection vulnerability exists in multiple NETGEAR devices. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2021-29071 // JVNDB: JVNDB-2021-004577 // VULMON: CVE-2021-29071

AFFECTED PRODUCTS

vendor: netgear, model: rbr754, scope: lt, version: 3.2.17.12

Trust: 1.0

vendor: netgear, model: rbr750, scope: lt, version: 3.2.17.12

Trust: 1.0

vendor: netgear, model: rbr753, scope: lt, version: 3.2.17.12

Trust: 1.0

vendor: netgear, model: rbs850, scope: lt, version: 3.2.17.12

Trust: 1.0

vendor: netgear, model: rbr850, scope: lt, version: 3.2.17.12

Trust: 1.0

vendor: netgear, model: rbk852, scope: lt, version: 3.2.17.12

Trust: 1.0

vendor: netgear, model: rbr753s, scope: lt, version: 3.2.17.12

Trust: 1.0

vendor: netgear, model: rbs750, scope: lt, version: 3.2.17.12

Trust: 1.0

vendor: netgear, model: rbr752, scope: lt, version: 3.2.17.12

Trust: 1.0

vendor: netgear, model: rbk853, scope: lt, version: 3.2.17.12

Trust: 1.0

vendor: netgear, model: rbk854, scope: lt, version: 3.2.17.12

Trust: 1.0

vendor: ネットギア, model: rbk852, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: rbk853, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: rbr753s, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: rbk854, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: rbr753, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: rbr850, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: rbr754, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: rbr750, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: rbr752, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: rbs850, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-004577 // NVD: CVE-2021-29071

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-29071
value: CRITICAL

Trust: 1.0

cve@mitre.org: CVE-2021-29071
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-29071
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202103-1355
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-29071
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-29071
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2021-29071
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2021-29071
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-29071
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-29071 // JVNDB: JVNDB-2021-004577 // CNNVD: CNNVD-202103-1355 // NVD: CVE-2021-29071 // NVD: CVE-2021-29071

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-004577 // NVD: CVE-2021-29071

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1355

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202103-1355

PATCH

title: Security Advisory for Post-Authentication Command Injection on Some WiFi Systems, PSV-2020-0476
url: https://kb.netgear.com/000063008/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0476

Trust: 0.8

title: Remediation measures for command injection vulnerabilities in multiple NETGEAR products
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144973

Trust: 0.6

sources: JVNDB: JVNDB-2021-004577 // CNNVD: CNNVD-202103-1355

EXTERNAL IDS

db: NVD, id: CVE-2021-29071

Trust: 2.5

db: JVNDB, id: JVNDB-2021-004577

Trust: 0.8

db: CNNVD, id: CNNVD-202103-1355

Trust: 0.6

db: VULMON, id: CVE-2021-29071

Trust: 0.1

sources: VULMON: CVE-2021-29071 // JVNDB: JVNDB-2021-004577 // CNNVD: CNNVD-202103-1355 // NVD: CVE-2021-29071

REFERENCES

url:https://kb.netgear.com/000063008/security-advisory-for-post-authentication-command-injection-on-some-wifi-systems-psv-2020-0476

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-29071

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-29071 // JVNDB: JVNDB-2021-004577 // CNNVD: CNNVD-202103-1355 // NVD: CVE-2021-29071

SOURCES

db: VULMON, id: CVE-2021-29071
db: JVNDB, id: JVNDB-2021-004577
db: CNNVD, id: CNNVD-202103-1355
db: NVD, id: CVE-2021-29071

LAST UPDATE DATE

2024-11-23T22:37:03.060000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-29071, date: 2021-03-24T00:00:00
db: JVNDB, id: JVNDB-2021-004577, date: 2021-11-25T03:10:00
db: CNNVD, id: CNNVD-202103-1355, date: 2021-08-16T00:00:00
db: NVD, id: CVE-2021-29071, date: 2024-11-21T06:00:38.910

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-29071, date: 2021-03-23T00:00:00
db: JVNDB, id: JVNDB-2021-004577, date: 2021-11-25T00:00:00
db: CNNVD, id: CNNVD-202103-1355, date: 2021-03-23T00:00:00
db: NVD, id: CVE-2021-29071, date: 2021-03-23T07:15:13.560