Details of VAR-202112-2386

ID

VAR-202112-2386

CVE

CVE-2021-45562

TITLE

plural NETGEAR Command injection vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2021-016905

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Netgear NETGEAR is a router from Netgear. A hardware device that connects two or more networks and acts as a gateway between the networks. A security vulnerability exists in some NETGEAR devices. Attackers can exploit this vulnerability to perform command injection. This affects RBK752 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBK852 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, and RBS850 prior to 3.2.16.6

Trust: 2.25

sources: NVD: CVE-2021-45562 // JVNDB: JVNDB-2021-016905 // CNVD: CNVD-2022-06686 // VULMON: CVE-2021-45562

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-06686

AFFECTED PRODUCTS

vendor:	netgear	model:	rbr850	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	netgear	model:	rbk752	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	netgear	model:	rbr750	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	netgear	model:	rbk852	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	netgear	model:	rbs850	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	netgear	model:	rbs750	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	ネットギア	model:	rbr750	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk752	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr850	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs750	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk852	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs850	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	rbr750	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-06686 // JVNDB: JVNDB-2021-016905 // NVD: CVE-2021-45562

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-45562
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2021-45562
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-45562
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-06686
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202112-2293
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-45562
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-45562
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-06686
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-45562
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-45562
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.7
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-45562
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-06686 // VULMON: CVE-2021-45562 // JVNDB: JVNDB-2021-016905 // CNNVD: CNNVD-202112-2293 // NVD: CVE-2021-45562 // NVD: CVE-2021-45562

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	Command injection (CWE-77) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-016905 // NVD: CVE-2021-45562

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202112-2293

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-2293

PATCH

title:	Security Advisory for Post-Authentication Command Injection on Some WiFi Systems, PSV-2020-0060	url:	https://kb.netgear.com/000064082/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0060	Trust: 0.8
title:	Patch for NETGEAR RBR750 Command Injection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/315986	Trust: 0.6
title:	Netgear NETGEAR Fixes for command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177055	Trust: 0.6

sources: CNVD: CNVD-2022-06686 // JVNDB: JVNDB-2021-016905 // CNNVD: CNNVD-202112-2293

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45562	Trust: 3.9
db:	JVNDB	id:	JVNDB-2021-016905	Trust: 0.8
db:	CNVD	id:	CNVD-2022-06686	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-2293	Trust: 0.6
db:	VULMON	id:	CVE-2021-45562	Trust: 0.1

sources: CNVD: CNVD-2022-06686 // VULMON: CVE-2021-45562 // JVNDB: JVNDB-2021-016905 // CNNVD: CNNVD-202112-2293 // NVD: CVE-2021-45562

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-45562	Trust: 2.0
url:	https://kb.netgear.com/000064082/security-advisory-for-post-authentication-command-injection-on-some-wifi-systems-psv-2020-0060	Trust: 1.7
url:	https://cwe.mitre.org/data/definitions/77.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-06686 // VULMON: CVE-2021-45562 // JVNDB: JVNDB-2021-016905 // CNNVD: CNNVD-202112-2293 // NVD: CVE-2021-45562

SOURCES

db:	CNVD	id:	CNVD-2022-06686
db:	VULMON	id:	CVE-2021-45562
db:	JVNDB	id:	JVNDB-2021-016905
db:	CNNVD	id:	CNNVD-202112-2293
db:	NVD	id:	CVE-2021-45562

LAST UPDATE DATE

2024-11-23T23:03:57.868000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-06686	date:	2022-01-25T00:00:00
db:	VULMON	id:	CVE-2021-45562	date:	2022-01-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-016905	date:	2022-12-26T08:53:00
db:	CNNVD	id:	CNNVD-202112-2293	date:	2022-01-05T00:00:00
db:	NVD	id:	CVE-2021-45562	date:	2024-11-21T06:32:31.677

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-06686	date:	2022-01-25T00:00:00
db:	VULMON	id:	CVE-2021-45562	date:	2021-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-016905	date:	2022-12-26T00:00:00
db:	CNNVD	id:	CNNVD-202112-2293	date:	2021-12-25T00:00:00
db:	NVD	id:	CVE-2021-45562	date:	2021-12-26T01:15:15.940