Details of VAR-202112-2347

ID

VAR-202112-2347

CVE

CVE-2021-45602

TITLE

plural NETGEAR On the device OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-017181

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46. plural NETGEAR On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D7800 prior to 1.0.1.66, EX2700 prior to 1.0.1.68, WN3000RPv2 prior to 1.0.0.90, WN3000RPv3 prior to 1.0.2.100, LBR1020 prior to 2.6.5.20, LBR20 prior to 2.6.5.32, R6700AX prior to 1.0.10.110, R7800 prior to 1.0.2.86, R8900 prior to 1.0.5.38, R9000 prior to 1.0.5.38, RAX10 prior to 1.0.10.110, RAX120v1 prior to 1.2.3.28, RAX120v2 prior to 1.2.3.28, RAX70 prior to 1.0.10.110, RAX78 prior to 1.0.10.110, XR450 prior to 2.3.2.130, XR500 prior to 2.3.2.130, and XR700 prior to 1.0.1.46

Trust: 1.71

sources: NVD: CVE-2021-45602 // JVNDB: JVNDB-2021-017181 // VULMON: CVE-2021-45602

AFFECTED PRODUCTS

vendor:	netgear	model:	xr500	scope:	lt	version:	2.3.2.130	Trust: 1.0
vendor:	netgear	model:	lbr20	scope:	lt	version:	2.6.5.32	Trust: 1.0
vendor:	netgear	model:	rax120v2	scope:	lt	version:	1.2.3.28	Trust: 1.0
vendor:	netgear	model:	rax10	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	ex2700	scope:	lt	version:	1.0.1.68	Trust: 1.0
vendor:	netgear	model:	r6700ax	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	rax78	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	lbr1020	scope:	lt	version:	2.6.5.20	Trust: 1.0
vendor:	netgear	model:	r7800	scope:	lt	version:	1.0.2.86	Trust: 1.0
vendor:	netgear	model:	r9000	scope:	lt	version:	1.0.5.38	Trust: 1.0
vendor:	netgear	model:	xr700	scope:	lt	version:	1.0.1.46	Trust: 1.0
vendor:	netgear	model:	wn3000rpv3	scope:	lt	version:	1.0.2.100	Trust: 1.0
vendor:	netgear	model:	rax120v1	scope:	lt	version:	1.2.3.28	Trust: 1.0
vendor:	netgear	model:	wn3000rpv2	scope:	lt	version:	1.0.0.90	Trust: 1.0
vendor:	netgear	model:	rax70	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	r8900	scope:	lt	version:	1.0.5.38	Trust: 1.0
vendor:	netgear	model:	xr450	scope:	lt	version:	2.3.2.130	Trust: 1.0
vendor:	netgear	model:	d7800	scope:	lt	version:	1.0.1.66	Trust: 1.0
vendor:	ネットギア	model:	lbr1020	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d7800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	lbr20	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	wn3000rpv2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex2700	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r9000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6700ax	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r8900	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	wn3000rpv3	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-017181 // NVD: CVE-2021-45602

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-45602
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2021-45602
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-45602
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202112-2398
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-45602
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-45602
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-45602
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-45602
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	4.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-45602
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-45602 // JVNDB: JVNDB-2021-017181 // CNNVD: CNNVD-202112-2398 // NVD: CVE-2021-45602 // NVD: CVE-2021-45602

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017181 // NVD: CVE-2021-45602

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-2398

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-2398

PATCH

title:	Security Advisory for Post-Authentication Command Injection & Sensitive Information Disclosure on Multiple Products, PSV-2021-0169 & PSV-2021-0171	url:	https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171	Trust: 0.8
title:	Netgear NETGEAR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177119	Trust: 0.6

sources: JVNDB: JVNDB-2021-017181 // CNNVD: CNNVD-202112-2398

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45602	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-017181	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-2398	Trust: 0.6
db:	VULMON	id:	CVE-2021-45602	Trust: 0.1

sources: VULMON: CVE-2021-45602 // JVNDB: JVNDB-2021-017181 // CNNVD: CNNVD-202112-2398 // NVD: CVE-2021-45602

REFERENCES

url:	https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/	Trust: 1.7
url:	https://kb.netgear.com/000064407/security-advisory-for-post-authentication-command-injection-sensitive-information-disclosure-on-multiple-products-psv-2021-0169-psv-2021-0171	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45602	Trust: 1.4
url:	https://www.immersivelabs.com/press/netgear-vulnerabilities-could-put-small-business-routers-at-risk/	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/77.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-45602 // JVNDB: JVNDB-2021-017181 // CNNVD: CNNVD-202112-2398 // NVD: CVE-2021-45602

SOURCES

db:	VULMON	id:	CVE-2021-45602
db:	JVNDB	id:	JVNDB-2021-017181
db:	CNNVD	id:	CNNVD-202112-2398
db:	NVD	id:	CVE-2021-45602

LAST UPDATE DATE

2024-11-23T22:50:58.411000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45602	date:	2022-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-017181	date:	2023-01-06T06:33:00
db:	CNNVD	id:	CNNVD-202112-2398	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-45602	date:	2024-11-21T06:32:38.330

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45602	date:	2021-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-017181	date:	2023-01-06T00:00:00
db:	CNNVD	id:	CNNVD-202112-2398	date:	2021-12-26T00:00:00
db:	NVD	id:	CVE-2021-45602	date:	2021-12-26T01:15:17.803