Details of VAR-202112-2348

ID

VAR-202112-2348

CVE

CVE-2021-45601

TITLE

Netgear NETGEAR Command injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202112-2397

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. This affects CBR40 prior to 2.5.0.24, CBR750 prior to 4.6.3.6, RBK852 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, and RBS850 prior to 3.2.17.12

Trust: 0.99

sources: NVD: CVE-2021-45601 // VULMON: CVE-2021-45601

AFFECTED PRODUCTS

vendor:	netgear	model:	rbk852	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rbs850	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rbr850	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	cbr40	scope:	lt	version:	2.5.0.24	Trust: 1.0
vendor:	netgear	model:	cbr750	scope:	lt	version:	4.6.3.6	Trust: 1.0

sources: NVD: CVE-2021-45601

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-45601
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202112-2397
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-45601
value:	MEDIUM
Trust: 0.1

VULMON:	CVE-2021-45601
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

NVD:	CVE-2021-45601
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2021-45601 // CNNVD: CNNVD-202112-2397 // NVD: CVE-2021-45601

PROBLEMTYPE DATA

problemtype:

CWE-77

Trust: 1.0

sources: NVD: CVE-2021-45601

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2397

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-2397

CONFIGURATIONS

sources: NVD: CVE-2021-45601

PATCH

title:

Netgear NETGEAR Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=177118

Trust: 0.6

sources: CNNVD: CNNVD-202112-2397

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45601	Trust: 1.7
db:	CNNVD	id:	CNNVD-202112-2397	Trust: 0.6
db:	VULMON	id:	CVE-2021-45601	Trust: 0.1

sources: VULMON: CVE-2021-45601 // CNNVD: CNNVD-202112-2397 // NVD: CVE-2021-45601

REFERENCES

url:	https://kb.netgear.com/000064147/security-advisory-for-post-authentication-command-injection-on-some-wifi-systems-psv-2020-0563	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45601	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/77.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-45601 // CNNVD: CNNVD-202112-2397 // NVD: CVE-2021-45601

SOURCES

db:	VULMON	id:	CVE-2021-45601
db:	CNNVD	id:	CNNVD-202112-2397
db:	NVD	id:	CVE-2021-45601

LAST UPDATE DATE

2022-05-04T09:49:42.490000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45601	date:	2022-01-05T00:00:00
db:	CNNVD	id:	CNNVD-202112-2397	date:	2022-01-06T00:00:00
db:	NVD	id:	CVE-2021-45601	date:	2022-01-05T20:57:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45601	date:	2021-12-26T00:00:00
db:	CNNVD	id:	CNNVD-202112-2397	date:	2021-12-26T00:00:00
db:	NVD	id:	CVE-2021-45601	date:	2021-12-26T01:15:00