ID

VAR-202108-1635


CVE

CVE-2021-38529


TITLE

Command injection vulnerability in multiple NETGEAR devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-010405

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26. A command injection vulnerability exists in multiple NETGEAR devices. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2021-38529 // JVNDB: JVNDB-2021-010405 // VULMON: CVE-2021-38529

AFFECTED PRODUCTS

vendor: netgear model: d7800 scope: lt version: 1.0.1.56

Trust: 1.0

vendor: netgear model: r7800 scope: lt version: 1.0.2.68

Trust: 1.0

vendor: netgear model: r9000 scope: lt version: 1.0.4.26

Trust: 1.0

vendor: netgear model: r8900 scope: lt version: 1.0.4.26

Trust: 1.0

vendor: ネットギア model: r9000 scope: - version: -

Trust: 0.8

vendor: ネットギア model: r7800 scope: - version: -

Trust: 0.8

vendor: ネットギア model: d7800 scope: - version: -

Trust: 0.8

vendor: ネットギア model: r8900 scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-010405 // NVD: CVE-2021-38529

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-38529
value: CRITICAL

Trust: 1.0

cve@mitre.org: CVE-2021-38529
value: HIGH

Trust: 1.0

NVD: CVE-2021-38529
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202108-955
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-38529
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-38529
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2021-38529
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2021-38529
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: CVE-2021-38529
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-38529 // JVNDB: JVNDB-2021-010405 // CNNVD: CNNVD-202108-955 // NVD: CVE-2021-38529 // NVD: CVE-2021-38529

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

problemtype: Command injection (CWE-77) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-010405 // NVD: CVE-2021-38529

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-955

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202108-955

PATCH

title: Security Advisory for Pre-Authentication Command Injection on Some Routers and Gateways, PSV-2018-0616 url: https://kb.netgear.com/000063765/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0616

Trust: 0.8

title: Netgear NETGEAR Fixes for command injection vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159349

Trust: 0.6

sources: JVNDB: JVNDB-2021-010405 // CNNVD: CNNVD-202108-955

EXTERNAL IDS

db: NVD id: CVE-2021-38529

Trust: 3.3

db: JVNDB id: JVNDB-2021-010405

Trust: 0.8

db: CNNVD id: CNNVD-202108-955

Trust: 0.6

db: VULMON id: CVE-2021-38529

Trust: 0.1

sources: VULMON: CVE-2021-38529 // JVNDB: JVNDB-2021-010405 // CNNVD: CNNVD-202108-955 // NVD: CVE-2021-38529

REFERENCES

url:https://kb.netgear.com/000063765/security-advisory-for-pre-authentication-command-injection-on-some-routers-and-gateways-psv-2018-0616

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-38529

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-38529 // JVNDB: JVNDB-2021-010405 // CNNVD: CNNVD-202108-955 // NVD: CVE-2021-38529

SOURCES

db: VULMON id: CVE-2021-38529
db: JVNDB id: JVNDB-2021-010405
db: CNNVD id: CNNVD-202108-955
db: NVD id: CVE-2021-38529

LAST UPDATE DATE

2024-08-14T15:22:11.138000+00:00


SOURCES UPDATE DATE

db: VULMON id: CVE-2021-38529 date: 2021-08-18T00:00:00
db: JVNDB id: JVNDB-2021-010405 date: 2022-06-30T08:49:00
db: CNNVD id: CNNVD-202108-955 date: 2021-08-26T00:00:00
db: NVD id: CVE-2021-38529 date: 2021-08-18T20:44:04.110

SOURCES RELEASE DATE

db: VULMON id: CVE-2021-38529 date: 2021-08-11T00:00:00
db: JVNDB id: JVNDB-2021-010405 date: 2022-06-30T00:00:00
db: CNNVD id: CNNVD-202108-955 date: 2021-08-10T00:00:00
db: NVD id: CVE-2021-38529 date: 2021-08-11T00:16:52.447