Details of VAR-202112-2352

ID

VAR-202112-2352

CVE

CVE-2021-45597

TITLE

Netgear NETGEAR Command injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202112-2392

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and RBS850 before 3.2.17.12. This affects CBR40 prior to 2.5.0.24, CBR750 prior to 4.6.3.6, RBR850 prior to 3.2.17.12, RBS850 prior to 3.2.17.12, and RBS850 prior to 3.2.17.12

Trust: 0.99

sources: NVD: CVE-2021-45597 // VULMON: CVE-2021-45597

AFFECTED PRODUCTS

vendor:	netgear	model:	rbk852	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rbs850	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rbr850	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	cbr40	scope:	lt	version:	2.5.0.24	Trust: 1.0
vendor:	netgear	model:	cbr750	scope:	lt	version:	4.6.3.6	Trust: 1.0

sources: NVD: CVE-2021-45597

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-45597
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202112-2392
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-45597
value:	MEDIUM
Trust: 0.1

VULMON:	CVE-2021-45597
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

NVD:	CVE-2021-45597
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2021-45597 // CNNVD: CNNVD-202112-2392 // NVD: CVE-2021-45597

PROBLEMTYPE DATA

problemtype:

CWE-77

Trust: 1.0

sources: NVD: CVE-2021-45597

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2392

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-2392

CONFIGURATIONS

sources: NVD: CVE-2021-45597

PATCH

title:

Netgear NETGEAR Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=177111

Trust: 0.6

sources: CNNVD: CNNVD-202112-2392

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45597	Trust: 1.7
db:	CNNVD	id:	CNNVD-202112-2392	Trust: 0.6
db:	VULMON	id:	CVE-2021-45597	Trust: 0.1

sources: VULMON: CVE-2021-45597 // CNNVD: CNNVD-202112-2392 // NVD: CVE-2021-45597

REFERENCES

url:	https://kb.netgear.com/000064142/security-advisory-for-post-authentication-command-injection-on-some-wifi-systems-psv-2020-0539	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45597	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/77.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-45597 // CNNVD: CNNVD-202112-2392 // NVD: CVE-2021-45597

SOURCES

db:	VULMON	id:	CVE-2021-45597
db:	CNNVD	id:	CNNVD-202112-2392
db:	NVD	id:	CVE-2021-45597

LAST UPDATE DATE

2022-05-04T10:02:58.375000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45597	date:	2022-01-05T00:00:00
db:	CNNVD	id:	CNNVD-202112-2392	date:	2022-01-06T00:00:00
db:	NVD	id:	CVE-2021-45597	date:	2022-01-05T21:14:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45597	date:	2021-12-26T00:00:00
db:	CNNVD	id:	CNNVD-202112-2392	date:	2021-12-26T00:00:00
db:	NVD	id:	CVE-2021-45597	date:	2021-12-26T01:15:00