Sign-up

ID

VAR-202112-2329


CVE

CVE-2021-45620


TITLE

plural  NETGEAR  Command injection vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2021-017546

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MR80 before 1.1.2.20, MS60 before 1.0.6.116, MS80 before 1.1.2.20, MK62 before 1.0.6.116, MK83 before 1.1.2.20, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects CBR40 prior to 2.5.0.24, CBR750 prior to 4.6.3.6, EAX20 prior to 1.0.0.58, EAX80 prior to 1.0.1.68, LAX20 prior to 1.1.6.28, MR60 prior to 1.0.6.116, MR80 prior to 1.1.2.20, MS60 prior to 1.0.6.116, MS80 prior to 1.1.2.20, MK62 prior to 1.0.6.116, MK83 prior to 1.1.2.20, R6400 prior to 1.0.1.70, R6400v2 prior to 1.0.4.106, R6700v3 prior to 1.0.4.106, R6900P prior to 1.3.3.140, R7000 prior to 1.0.11.126, R7000P prior to 1.3.3.140, R7850 prior to 1.0.5.74, R7900 prior to 1.0.4.46, R7900P prior to 1.4.2.84, R7960P prior to 1.4.2.84, R8000 prior to 1.0.4.74, R8000P prior to 1.4.2.84, RAX15 prior to 1.0.3.96, RAX20 prior to 1.0.3.96, RAX200 prior to 1.0.4.120, RAX35v2 prior to 1.0.3.96, RAX40v2 prior to 1.0.3.96, RAX43 prior to 1.0.3.96, RAX45 prior to 1.0.3.96, RAX50 prior to 1.0.3.96, RAX75 prior to 1.0.4.120, RAX80 prior to 1.0.4.120, RBK752 prior to 3.2.17.12, RBK852 prior to 3.2.17.12, RBR750 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, RBS750 prior to 3.2.17.12, RBS850 prior to 3.2.17.12, RS400 prior to 1.5.1.80, XR1000 prior to 1.0.0.58, and XR300 prior to 1.0.3.68

Trust: 1.71

sources: NVD: CVE-2021-45620 // JVNDB: JVNDB-2021-017546 // VULMON: CVE-2021-45620

AFFECTED PRODUCTS

vendor:netgearmodel:rbr750scope:ltversion:3.2.17.12

Trust: 1.0

vendor:netgearmodel:mr60scope:ltversion:1.0.6.116

Trust: 1.0

vendor:netgearmodel:r6400scope:ltversion:1.0.1.70

Trust: 1.0

vendor:netgearmodel:ms60scope:ltversion:1.0.6.116

Trust: 1.0

vendor:netgearmodel:r8000pscope:ltversion:1.4.2.84

Trust: 1.0

vendor:netgearmodel:rax15scope:ltversion:1.0.3.96

Trust: 1.0

vendor:netgearmodel:rax45scope:ltversion:1.0.3.96

Trust: 1.0

vendor:netgearmodel:r6400v2scope:ltversion:1.0.4.118

Trust: 1.0

vendor:netgearmodel:rbk752scope:ltversion:3.2.17.12

Trust: 1.0

vendor:netgearmodel:mr80scope:ltversion:1.1.2.20

Trust: 1.0

vendor:netgearmodel:r7900pscope:ltversion:1.4.2.84

Trust: 1.0

vendor:netgearmodel:eax20scope:ltversion:1.0.0.58

Trust: 1.0

vendor:netgearmodel:rax43scope:ltversion:1.0.3.96

Trust: 1.0

vendor:netgearmodel:eax80scope:ltversion:1.0.1.68

Trust: 1.0

vendor:netgearmodel:r7850scope:ltversion:1.0.5.74

Trust: 1.0

vendor:netgearmodel:rbr850scope:ltversion:3.2.17.12

Trust: 1.0

vendor:netgearmodel:r7900scope:ltversion:1.0.4.46

Trust: 1.0

vendor:netgearmodel:rax80scope:ltversion:1.0.4.120

Trust: 1.0

vendor:netgearmodel:rs400scope:ltversion:1.5.1.80

Trust: 1.0

vendor:netgearmodel:r7000pscope:ltversion:1.3.3.140

Trust: 1.0

vendor:netgearmodel:rbs750scope:ltversion:3.2.17.12

Trust: 1.0

vendor:netgearmodel:cbr40scope:ltversion:2.5.0.24

Trust: 1.0

vendor:netgearmodel:ms80scope:ltversion:1.1.2.20

Trust: 1.0

vendor:netgearmodel:cbr750scope:ltversion:4.6.3.6

Trust: 1.0

vendor:netgearmodel:xr1000scope:ltversion:1.0.0.58

Trust: 1.0

vendor:netgearmodel:rbs850scope:ltversion:3.2.17.12

Trust: 1.0

vendor:netgearmodel:mk83scope:ltversion:1.1.2.20

Trust: 1.0

vendor:netgearmodel:rax50scope:ltversion:1.0.3.96

Trust: 1.0

vendor:netgearmodel:lax20scope:ltversion:1.1.6.28

Trust: 1.0

vendor:netgearmodel:rax40v2scope:ltversion:1.0.3.96

Trust: 1.0

vendor:netgearmodel:r6700v3scope:ltversion:1.0.4.118

Trust: 1.0

vendor:netgearmodel:r6900pscope:ltversion:1.3.3.140

Trust: 1.0

vendor:netgearmodel:r8000scope:ltversion:1.0.4.74

Trust: 1.0

vendor:netgearmodel:rax35v2scope:ltversion:1.0.3.96

Trust: 1.0

vendor:netgearmodel:rax200scope:ltversion:1.0.4.120

Trust: 1.0

vendor:netgearmodel:rbk852scope:ltversion:3.2.17.12

Trust: 1.0

vendor:netgearmodel:xr300scope:ltversion:1.0.3.68

Trust: 1.0

vendor:netgearmodel:r7960pscope:ltversion:1.4.2.84

Trust: 1.0

vendor:netgearmodel:rax75scope:ltversion:1.0.4.120

Trust: 1.0

vendor:netgearmodel:r7000scope:ltversion:1.0.11.126

Trust: 1.0

vendor:netgearmodel:mk62scope:ltversion:1.0.6.116

Trust: 1.0

vendor:netgearmodel:rax20scope:ltversion:1.0.3.96

Trust: 1.0

vendor:ネットギアmodel:r6400v2scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:mr60scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:eax20scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:cbr750scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:lax20scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:eax80scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:ms60scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r6900pscope: - version: -

Trust: 0.8

vendor:ネットギアmodel:cbr40scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r6700v3scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-017546 // NVD: CVE-2021-45620

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-45620
value: CRITICAL

Trust: 1.0

cve@mitre.org: CVE-2021-45620
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-45620
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202112-2416
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-45620
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-45620
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2021-45620
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2021-45620
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-45620
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-45620 // JVNDB: JVNDB-2021-017546 // CNNVD: CNNVD-202112-2416 // NVD: CVE-2021-45620 // NVD: CVE-2021-45620

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-017546 // NVD: CVE-2021-45620

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2416

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-2416

PATCH

title:Security Advisory for Pre-Authentication Command Injection on Some Routers, Extenders, and WiFi Systems, PSV-2020-0509url:https://kb.netgear.com/000064510/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0509

Trust: 0.8

title:Netgear RBR750 and NETGEAR Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176395

Trust: 0.6

sources: JVNDB: JVNDB-2021-017546 // CNNVD: CNNVD-202112-2416

EXTERNAL IDS

db:NVDid:CVE-2021-45620

Trust: 3.3

db:JVNDBid:JVNDB-2021-017546

Trust: 0.8

db:CNNVDid:CNNVD-202112-2416

Trust: 0.6

db:VULMONid:CVE-2021-45620

Trust: 0.1

sources: VULMON: CVE-2021-45620 // JVNDB: JVNDB-2021-017546 // CNNVD: CNNVD-202112-2416 // NVD: CVE-2021-45620

REFERENCES

url:https://kb.netgear.com/000064510/security-advisory-for-pre-authentication-command-injection-on-some-routers-extenders-and-wifi-systems-psv-2020-0509

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-45620

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-45620 // JVNDB: JVNDB-2021-017546 // CNNVD: CNNVD-202112-2416 // NVD: CVE-2021-45620

SOURCES

db:VULMONid:CVE-2021-45620
db:JVNDBid:JVNDB-2021-017546
db:CNNVDid:CNNVD-202112-2416
db:NVDid:CVE-2021-45620

LAST UPDATE DATE

2024-11-23T22:44:07.277000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-45620date:2022-01-07T00:00:00
db:JVNDBid:JVNDB-2021-017546date:2023-01-25T02:07:00
db:CNNVDid:CNNVD-202112-2416date:2022-01-10T00:00:00
db:NVDid:CVE-2021-45620date:2024-11-21T06:32:41.723

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-45620date:2021-12-26T00:00:00
db:JVNDBid:JVNDB-2021-017546date:2023-01-25T00:00:00
db:CNNVDid:CNNVD-202112-2416date:2021-12-26T00:00:00
db:NVDid:CVE-2021-45620date:2021-12-26T01:15:18.703