ID

VAR-202108-1624


CVE

CVE-2021-38518


TITLE

Netgear NETGEAR Command injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202108-958

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Trust: 0.99

sources: NVD: CVE-2021-38518 // VULMON: CVE-2021-38518

AFFECTED PRODUCTS

vendor: netgear, model: rbk852, scope: lt, version: 3.2.17.12

Trust: 1.0

vendor: netgear, model: rax75, scope: lt, version: 1.0.4.120

Trust: 1.0

vendor: netgear, model: rbs850, scope: lt, version: 3.2.17.12

Trust: 1.0

vendor: netgear, model: rax80, scope: lt, version: 1.0.4.120

Trust: 1.0

vendor: netgear, model: rbr850, scope: lt, version: 3.2.17.12

Trust: 1.0

vendor: netgear, model: rax200, scope: lt, version: 1.0.4.120

Trust: 1.0

sources: NVD: CVE-2021-38518

CVSS

SEVERITY

NVD: CVE-2021-38518
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202108-958
value: HIGH

Trust: 0.6

VULMON: CVE-2021-38518
value: MEDIUM

Trust: 0.1

CVSSV2

VULMON: CVE-2021-38518
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CVSSV3

NVD: CVE-2021-38518
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2021-38518 // CNNVD: CNNVD-202108-958 // NVD: CVE-2021-38518

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

sources: NVD: CVE-2021-38518

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-958

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202108-958

CONFIGURATIONS

sources: NVD: CVE-2021-38518

PATCH

title: Netgear NETGEAR Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=159352

Trust: 0.6

sources: CNNVD: CNNVD-202108-958

EXTERNAL IDS

db: NVD, id: CVE-2021-38518

Trust: 1.7

db: CNNVD, id: CNNVD-202108-958

Trust: 0.6

db: VULMON, id: CVE-2021-38518

Trust: 0.1

sources: VULMON: CVE-2021-38518 // CNNVD: CNNVD-202108-958 // NVD: CVE-2021-38518

REFERENCES

url: https://kb.netgear.com/000063783/security-advisory-for-post-authentication-command-injection-on-some-routers-and-wifi-systems-psv-2020-0528

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-38518

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-38518 // CNNVD: CNNVD-202108-958 // NVD: CVE-2021-38518

SOURCES

db: VULMON, id: CVE-2021-38518
db: CNNVD, id: CNNVD-202108-958
db: NVD, id: CVE-2021-38518

LAST UPDATE DATE

2022-05-04T09:41:58.436000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-38518, date: 2021-08-18T00:00:00
db: CNNVD, id: CNNVD-202108-958, date: 2021-08-19T00:00:00
db: NVD, id: CVE-2021-38518, date: 2021-08-18T19:37:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-38518, date: 2021-08-11T00:00:00
db: CNNVD, id: CNNVD-202108-958, date: 2021-08-10T00:00:00
db: NVD, id: CVE-2021-38518, date: 2021-08-11T00:15:00