Details of VAR-202112-2351

ID

VAR-202112-2351

CVE

CVE-2021-45598

TITLE

Netgear NETGEAR Command injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202112-2393

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. This affects CBR40 prior to 2.5.0.24, CBR750 prior to 4.6.3.6, RBK852 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, and RBS850 prior to 3.2.17.12

Trust: 0.99

sources: NVD: CVE-2021-45598 // VULMON: CVE-2021-45598

AFFECTED PRODUCTS

vendor:	netgear	model:	rbk852	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rbs850	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rbr850	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	cbr40	scope:	lt	version:	2.5.0.24	Trust: 1.0
vendor:	netgear	model:	cbr750	scope:	lt	version:	4.6.3.6	Trust: 1.0

sources: NVD: CVE-2021-45598

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-45598
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202112-2393
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-45598
value:	MEDIUM
Trust: 0.1

VULMON:	CVE-2021-45598
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

NVD:	CVE-2021-45598
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2021-45598 // CNNVD: CNNVD-202112-2393 // NVD: CVE-2021-45598

PROBLEMTYPE DATA

problemtype:

CWE-77

Trust: 1.0

sources: NVD: CVE-2021-45598

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2393

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-2393

CONFIGURATIONS

sources: NVD: CVE-2021-45598

PATCH

title:

Netgear NETGEAR Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=177113

Trust: 0.6

sources: CNNVD: CNNVD-202112-2393

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45598	Trust: 1.7
db:	CNNVD	id:	CNNVD-202112-2393	Trust: 0.6
db:	VULMON	id:	CVE-2021-45598	Trust: 0.1

sources: VULMON: CVE-2021-45598 // CNNVD: CNNVD-202112-2393 // NVD: CVE-2021-45598

REFERENCES

url:	https://kb.netgear.com/000064144/security-advisory-for-post-authentication-command-injection-on-some-wifi-systems-psv-2020-0544	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45598	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/77.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-45598 // CNNVD: CNNVD-202112-2393 // NVD: CVE-2021-45598

SOURCES

db:	VULMON	id:	CVE-2021-45598
db:	CNNVD	id:	CNNVD-202112-2393
db:	NVD	id:	CVE-2021-45598

LAST UPDATE DATE

2022-05-04T10:25:10.403000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45598	date:	2022-01-05T00:00:00
db:	CNNVD	id:	CNNVD-202112-2393	date:	2022-01-06T00:00:00
db:	NVD	id:	CVE-2021-45598	date:	2022-01-05T21:30:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45598	date:	2021-12-26T00:00:00
db:	CNNVD	id:	CNNVD-202112-2393	date:	2021-12-26T00:00:00
db:	NVD	id:	CVE-2021-45598	date:	2021-12-26T01:15:00