Details of VAR-202112-2391

ID

VAR-202112-2391

CVE

CVE-2021-45557

TITLE

plural NETGEAR Command injection vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2021-017573

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TUP before 1.0.5.3, GS710TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS724TPP before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS750E before 1.0.1.10, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects GC108P prior to 1.0.8.2, GC108PP prior to 1.0.8.2, GS108Tv3 prior to 7.0.7.2, GS110TPv3 prior to 7.0.7.2, GS110TPP prior to 7.0.7.2, GS110TUP prior to 1.0.5.3, GS710TUP prior to 1.0.5.3, GS308T prior to 1.0.3.2, GS310TP prior to 1.0.3.2, GS710TUP prior to 1.0.5.3, GS716TP prior to 1.0.4.2, GS716TPP prior to 1.0.4.2, GS724TPP prior to 2.0.6.3, GS724TPv2 prior to 2.0.6.3, GS724TPP prior to 2.0.6.3, GS728TPPv2 prior to 6.0.8.2, GS728TPv2 prior to 6.0.8.2, GS752TPv2 prior to 6.0.8.2, GS752TPP prior to 6.0.8.2, GS750E prior to 1.0.1.10, MS510TXM prior to 1.0.4.2, and MS510TXUP prior to 1.0.4.2

Trust: 1.71

sources: NVD: CVE-2021-45557 // JVNDB: JVNDB-2021-017573 // VULMON: CVE-2021-45557

AFFECTED PRODUCTS

vendor:	netgear	model:	gs110tup	scope:	lt	version:	1.0.5.3	Trust: 1.0
vendor:	netgear	model:	ms510txm	scope:	lt	version:	1.0.4.2	Trust: 1.0
vendor:	netgear	model:	gs724tpp	scope:	lt	version:	2.0.6.3	Trust: 1.0
vendor:	netgear	model:	gs108tv3	scope:	lt	version:	7.0.7.2	Trust: 1.0
vendor:	netgear	model:	gs110tpp	scope:	lt	version:	7.0.7.2	Trust: 1.0
vendor:	netgear	model:	gs728tppv2	scope:	lt	version:	6.0.8.2	Trust: 1.0
vendor:	netgear	model:	gc108pp	scope:	lt	version:	1.0.8.2	Trust: 1.0
vendor:	netgear	model:	gs716tp	scope:	lt	version:	1.0.4.2	Trust: 1.0
vendor:	netgear	model:	gs728tpv2	scope:	lt	version:	6.0.8.2	Trust: 1.0
vendor:	netgear	model:	gs724tpv2	scope:	lt	version:	2.0.6.3	Trust: 1.0
vendor:	netgear	model:	gc108p	scope:	lt	version:	1.0.8.2	Trust: 1.0
vendor:	netgear	model:	gs716tpp	scope:	lt	version:	1.0.4.2	Trust: 1.0
vendor:	netgear	model:	gs750e	scope:	lt	version:	1.0.1.10	Trust: 1.0
vendor:	netgear	model:	gs110tpv3	scope:	lt	version:	7.0.7.2	Trust: 1.0
vendor:	netgear	model:	gs752tpv2	scope:	lt	version:	6.0.8.2	Trust: 1.0
vendor:	netgear	model:	gs752tpp	scope:	lt	version:	6.0.8.2	Trust: 1.0
vendor:	netgear	model:	gs308t	scope:	lt	version:	1.0.3.2	Trust: 1.0
vendor:	netgear	model:	ms510txup	scope:	lt	version:	1.0.4.2	Trust: 1.0
vendor:	netgear	model:	gs710tup	scope:	lt	version:	1.0.5.3	Trust: 1.0
vendor:	netgear	model:	gs310tp	scope:	lt	version:	1.0.3.2	Trust: 1.0
vendor:	ネットギア	model:	gs310tp	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gc108p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs710tup	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs308t	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gc108pp	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs110tpv3	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs110tup	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs110tpp	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs108tv3	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-017573 // NVD: CVE-2021-45557

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-45557
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2021-45557
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-45557
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202112-2290
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-45557
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-45557
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-45557
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-45557
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-017573 // CNNVD: CNNVD-202112-2290 // NVD: CVE-2021-45557 // NVD: CVE-2021-45557

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	Command injection (CWE-77) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017573 // NVD: CVE-2021-45557

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2290

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-2290

PATCH

title:	Security Advisory for Post-Authentication Command Injection on Some Switches, PSV-2021-0167	url:	https://kb.netgear.com/000064164/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Switches-PSV-2021-0167	Trust: 0.8
title:	Netgear NETGEAR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175966	Trust: 0.6

sources: JVNDB: JVNDB-2021-017573 // CNNVD: CNNVD-202112-2290

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45557	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-017573	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-2290	Trust: 0.6
db:	VULMON	id:	CVE-2021-45557	Trust: 0.1

sources: VULMON: CVE-2021-45557 // JVNDB: JVNDB-2021-017573 // CNNVD: CNNVD-202112-2290 // NVD: CVE-2021-45557

REFERENCES

url:	https://kb.netgear.com/000064164/security-advisory-for-post-authentication-command-injection-on-some-switches-psv-2021-0167	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45557	Trust: 1.4
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-45557 // JVNDB: JVNDB-2021-017573 // CNNVD: CNNVD-202112-2290 // NVD: CVE-2021-45557

SOURCES

db:	VULMON	id:	CVE-2021-45557
db:	JVNDB	id:	JVNDB-2021-017573
db:	CNNVD	id:	CNNVD-202112-2290
db:	NVD	id:	CVE-2021-45557

LAST UPDATE DATE

2024-11-23T22:57:50.272000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45557	date:	2021-12-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-017573	date:	2023-01-27T01:39:00
db:	CNNVD	id:	CNNVD-202112-2290	date:	2022-01-11T00:00:00
db:	NVD	id:	CVE-2021-45557	date:	2024-11-21T06:32:30.807

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45557	date:	2021-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-017573	date:	2023-01-27T00:00:00
db:	CNNVD	id:	CNNVD-202112-2290	date:	2021-12-25T00:00:00
db:	NVD	id:	CVE-2021-45557	date:	2021-12-26T01:15:15.707