ID

VAR-202112-2356


CVE

CVE-2021-45593


TITLE

Command injection vulnerability in multiple NETGEAR devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-017106

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.2.102, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBR50 before 2.7.2.102, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.2.102. A command injection vulnerability exists in multiple NETGEAR devices. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2021-45593 // JVNDB: JVNDB-2021-017106 // VULMON: CVE-2021-45593

AFFECTED PRODUCTS

vendor: netgear | model: rbr50 | scope: lt | version: 2.7.2.102

Trust: 1.0

vendor: netgear | model: rbk50 | scope: lt | version: 2.7.2.102

Trust: 1.0

vendor: netgear | model: rbr40 | scope: lt | version: 2.7.3.22

Trust: 1.0

vendor: netgear | model: rbr20 | scope: lt | version: 2.7.3.22

Trust: 1.0

vendor: netgear | model: rbk40 | scope: lt | version: 2.7.3.22

Trust: 1.0

vendor: netgear | model: rbk20 | scope: lt | version: 2.7.3.22

Trust: 1.0

vendor: netgear | model: rbs20 | scope: lt | version: 2.7.3.22

Trust: 1.0

vendor: netgear | model: rbs40 | scope: lt | version: 2.7.3.22

Trust: 1.0

vendor: ネットギア | model: rbr40 | scope: - | version: -

Trust: 0.8

vendor: ネットギア | model: rbk20 | scope: - | version: -

Trust: 0.8

vendor: ネットギア | model: rbk40 | scope: - | version: -

Trust: 0.8

vendor: ネットギア | model: rbk50 | scope: - | version: -

Trust: 0.8

vendor: ネットギア | model: rbs20 | scope: - | version: -

Trust: 0.8

vendor: ネットギア | model: rbr20 | scope: - | version: -

Trust: 0.8

vendor: ネットギア | model: rbs40 | scope: - | version: -

Trust: 0.8

vendor: ネットギア | model: rbr50 | scope: - | version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-017106 // NVD: CVE-2021-45593

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-45593
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2021-45593
value: HIGH

Trust: 1.0

NVD: CVE-2021-45593
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202112-2389
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-45593
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-45593
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2021-45593
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2021-45593
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.7
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-45593
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-45593 // JVNDB: JVNDB-2021-017106 // CNNVD: CNNVD-202112-2389 // NVD: CVE-2021-45593 // NVD: CVE-2021-45593

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

problemtype: Command injection (CWE-77) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-017106 // NVD: CVE-2021-45593

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202112-2389

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-2389

PATCH

title: Security Advisory for Post-Authentication Command Injection on Some WiFi Systems, PSV-2020-0175 | url: https://kb.netgear.com/000064474/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0175

Trust: 0.8

title: Netgear NETGEAR Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177107

Trust: 0.6

sources: JVNDB: JVNDB-2021-017106 // CNNVD: CNNVD-202112-2389

EXTERNAL IDS

db: NVD | id: CVE-2021-45593

Trust: 3.3

db: JVNDB | id: JVNDB-2021-017106

Trust: 0.8

db: CNNVD | id: CNNVD-202112-2389

Trust: 0.6

db: VULMON | id: CVE-2021-45593

Trust: 0.1

sources: VULMON: CVE-2021-45593 // JVNDB: JVNDB-2021-017106 // CNNVD: CNNVD-202112-2389 // NVD: CVE-2021-45593

REFERENCES

url:https://kb.netgear.com/000064474/security-advisory-for-post-authentication-command-injection-on-some-wifi-systems-psv-2020-0175

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-45593

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-45593 // JVNDB: JVNDB-2021-017106 // CNNVD: CNNVD-202112-2389 // NVD: CVE-2021-45593

SOURCES

db: VULMON | id: CVE-2021-45593
db: JVNDB | id: JVNDB-2021-017106
db: CNNVD | id: CNNVD-202112-2389
db: NVD | id: CVE-2021-45593

LAST UPDATE DATE

2024-11-23T22:40:38.115000+00:00


SOURCES UPDATE DATE

db: VULMON | id: CVE-2021-45593 | date: 2022-01-05T00:00:00
db: JVNDB | id: JVNDB-2021-017106 | date: 2023-01-04T06:52:00
db: CNNVD | id: CNNVD-202112-2389 | date: 2022-01-06T00:00:00
db: NVD | id: CVE-2021-45593 | date: 2024-11-21T06:32:36.857

SOURCES RELEASE DATE

db: VULMON | id: CVE-2021-45593 | date: 2021-12-26T00:00:00
db: JVNDB | id: JVNDB-2021-017106 | date: 2023-01-04T00:00:00
db: CNNVD | id: CNNVD-202112-2389 | date: 2021-12-26T00:00:00
db: NVD | id: CVE-2021-45593 | date: 2021-12-26T01:15:17.397