Details of VAR-202112-2331

ID

VAR-202112-2331

CVE

CVE-2021-45618

TITLE

plural NETGEAR Command injection vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2021-017553

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RAX120 before 1.2.0.16, RBS50Y before 1.0.0.56, WNR2000v5 before 1.0.0.76, XR450 before 2.3.2.114, XR500 before 2.3.2.114, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, EX6410 before 1.0.0.134, RBR10 before 2.6.1.44, RBR20 before 2.6.2.104, RBR40 before 2.6.2.104, RBR50 before 2.7.2.102, EX6420 before 1.0.0.134, RBS10 before 2.6.1.44, RBS20 before 2.6.2.104, RBS40 before 2.6.2.104, RBS50 before 2.7.2.102, EX6400v2 before 1.0.0.134, RBK12 before 2.6.1.44, RBK20 before 2.6.2.104, RBK40 before 2.6.2.104, and RBK50 before 2.7.2.102. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D7800 prior to 1.0.1.64, EX6200v2 prior to 1.0.1.86, EX6250 prior to 1.0.0.134, EX7700 prior to 1.0.0.216, EX8000 prior to 1.0.1.232, LBR20 prior to 2.6.3.50, R7800 prior to 1.0.2.80, R8900 prior to 1.0.5.26, R9000 prior to 1.0.5.26, RAX120 prior to 1.2.0.16, RBS50Y prior to 1.0.0.56, WNR2000v5 prior to 1.0.0.76, XR450 prior to 2.3.2.114, XR500 prior to 2.3.2.114, XR700 prior to 1.0.1.36, EX6150v2 prior to 1.0.1.98, EX7300 prior to 1.0.2.158, EX7320 prior to 1.0.0.134, EX6100v2 prior to 1.0.1.98, EX6400 prior to 1.0.2.158, EX7300v2 prior to 1.0.0.134, EX6410 prior to 1.0.0.134, RBR10 prior to 2.6.1.44, RBR20 prior to 2.6.2.104, RBR40 prior to 2.6.2.104, RBR50 prior to 2.7.2.102, EX6420 prior to 1.0.0.134, RBS10 prior to 2.6.1.44, RBS20 prior to 2.6.2.104, RBS40 prior to 2.6.2.104, RBS50 prior to 2.7.2.102, EX6400v2 prior to 1.0.0.134, RBK12 prior to 2.6.1.44, RBK20 prior to 2.6.2.104, RBK40 prior to 2.6.2.104, and RBK50 prior to 2.7.2.102

Trust: 1.71

sources: NVD: CVE-2021-45618 // JVNDB: JVNDB-2021-017553 // VULMON: CVE-2021-45618

AFFECTED PRODUCTS

vendor:	netgear	model:	ex6100v2	scope:	lt	version:	1.0.1.98	Trust: 1.0
vendor:	netgear	model:	rbs50	scope:	lt	version:	2.7.2.102	Trust: 1.0
vendor:	netgear	model:	r9000	scope:	lt	version:	1.0.5.26	Trust: 1.0
vendor:	netgear	model:	rbr40	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	rbk12	scope:	lt	version:	2.6.1.44	Trust: 1.0
vendor:	netgear	model:	rbk40	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex6200v2	scope:	lt	version:	1.0.1.86	Trust: 1.0
vendor:	netgear	model:	ex6420	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	rbr10	scope:	lt	version:	2.6.1.44	Trust: 1.0
vendor:	netgear	model:	xr500	scope:	lt	version:	2.3.2.114	Trust: 1.0
vendor:	netgear	model:	ex7320	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	rbs20	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	lbr20	scope:	lt	version:	2.6.3.50	Trust: 1.0
vendor:	netgear	model:	rbk20	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	xr700	scope:	lt	version:	1.0.1.36	Trust: 1.0
vendor:	netgear	model:	ex6400	scope:	lt	version:	1.0.2.158	Trust: 1.0
vendor:	netgear	model:	ex6400v2	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	ex8000	scope:	lt	version:	1.0.1.232	Trust: 1.0
vendor:	netgear	model:	wnr2000v5	scope:	lt	version:	1.0.0.76	Trust: 1.0
vendor:	netgear	model:	rax120	scope:	lt	version:	1.2.0.16	Trust: 1.0
vendor:	netgear	model:	ex7700	scope:	lt	version:	1.0.0.216	Trust: 1.0
vendor:	netgear	model:	xr450	scope:	lt	version:	2.3.2.114	Trust: 1.0
vendor:	netgear	model:	rbs40	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex7300	scope:	lt	version:	1.0.2.158	Trust: 1.0
vendor:	netgear	model:	rbs50y	scope:	lt	version:	1.0.0.56	Trust: 1.0
vendor:	netgear	model:	ex6410	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	ex7300v2	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	rbs10	scope:	lt	version:	2.6.1.44	Trust: 1.0
vendor:	netgear	model:	rbr50	scope:	lt	version:	2.7.2.102	Trust: 1.0
vendor:	netgear	model:	d7800	scope:	lt	version:	1.0.1.64	Trust: 1.0
vendor:	netgear	model:	rbr20	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	r8900	scope:	lt	version:	1.0.5.26	Trust: 1.0
vendor:	netgear	model:	r7800	scope:	lt	version:	1.0.2.80	Trust: 1.0
vendor:	netgear	model:	ex6150v2	scope:	lt	version:	1.0.1.98	Trust: 1.0
vendor:	netgear	model:	rbk50	scope:	lt	version:	2.7.2.102	Trust: 1.0
vendor:	netgear	model:	ex6250	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	ネットギア	model:	r8900	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d7800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax120	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6200v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	lbr20	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex7700	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r9000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6250	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex8000	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-017553 // NVD: CVE-2021-45618

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-45618
value:	CRITICAL
Trust: 1.0
cve@mitre.org:	CVE-2021-45618
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-45618
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202112-2412
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2021-45618
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-45618
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-45618
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-45618
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-017553 // CNNVD: CNNVD-202112-2412 // NVD: CVE-2021-45618 // NVD: CVE-2021-45618

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	Command injection (CWE-77) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017553 // NVD: CVE-2021-45618

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2412

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-2412

PATCH

title:	Security Advisory for Pre-Authentication Command Injection on Some Routers, Extenders, and WiFi Systems, PSV-2020-0422	url:	https://kb.netgear.com/000064490/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0422	Trust: 0.8
title:	Netgear NETGEAR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176391	Trust: 0.6

sources: JVNDB: JVNDB-2021-017553 // CNNVD: CNNVD-202112-2412

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45618	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-017553	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-2412	Trust: 0.6
db:	VULMON	id:	CVE-2021-45618	Trust: 0.1

sources: VULMON: CVE-2021-45618 // JVNDB: JVNDB-2021-017553 // CNNVD: CNNVD-202112-2412 // NVD: CVE-2021-45618

REFERENCES

url:	https://kb.netgear.com/000064490/security-advisory-for-pre-authentication-command-injection-on-some-routers-extenders-and-wifi-systems-psv-2020-0422	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45618	Trust: 1.4
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-45618 // JVNDB: JVNDB-2021-017553 // CNNVD: CNNVD-202112-2412 // NVD: CVE-2021-45618

SOURCES

db:	VULMON	id:	CVE-2021-45618
db:	JVNDB	id:	JVNDB-2021-017553
db:	CNNVD	id:	CNNVD-202112-2412
db:	NVD	id:	CVE-2021-45618

LAST UPDATE DATE

2024-11-23T22:29:10.338000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45618	date:	2021-12-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-017553	date:	2023-01-25T05:10:00
db:	CNNVD	id:	CNNVD-202112-2412	date:	2022-01-11T00:00:00
db:	NVD	id:	CVE-2021-45618	date:	2024-11-21T06:32:41.333

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45618	date:	2021-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-017553	date:	2023-01-25T00:00:00
db:	CNNVD	id:	CNNVD-202112-2412	date:	2021-12-26T00:00:00
db:	NVD	id:	CVE-2021-45618	date:	2021-12-26T01:15:18.613