Details of VAR-202112-2392

ID

VAR-202112-2392

CVE

CVE-2021-45556

TITLE

plural NETGEAR Command injection vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2021-017572

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GS108Tv2 before 5.4.2.36, GS110TPP before 7.0.7.2, GS110TPv2 before 5.4.2.36., GS110TPv3 before 7.0.7.2, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects GS108Tv2 prior to 5.4.2.36, GS110TPP prior to 7.0.7.2, GS110TPv2 prior to 5.4.2.36., GS110TPv3 prior to 7.0.7.2, GS308T prior to 1.0.3.2, GS310TP prior to 1.0.3.2, GS724TPP prior to 2.0.6.3, GS724TPv2 prior to 2.0.6.3, GS728TPPv2 prior to 6.0.8.2, GS728TPv2 prior to 6.0.8.2, GS752TPP prior to 6.0.8.2, GS752TPv2 prior to 6.0.8.2, MS510TXM prior to 1.0.4.2, and MS510TXUP prior to 1.0.4.2

Trust: 1.71

sources: NVD: CVE-2021-45556 // JVNDB: JVNDB-2021-017572 // VULMON: CVE-2021-45556

AFFECTED PRODUCTS

vendor:	netgear	model:	ms510txm	scope:	lt	version:	1.0.4.2	Trust: 1.0
vendor:	netgear	model:	gs724tpp	scope:	lt	version:	2.0.6.3	Trust: 1.0
vendor:	netgear	model:	gs110tpp	scope:	lt	version:	7.0.7.2	Trust: 1.0
vendor:	netgear	model:	gs110tpv3	scope:	lt	version:	7.0.7.2	Trust: 1.0
vendor:	netgear	model:	gs752tpp	scope:	lt	version:	6.0.8.2	Trust: 1.0
vendor:	netgear	model:	gs728tppv2	scope:	lt	version:	6.0.8.2	Trust: 1.0
vendor:	netgear	model:	gs752tpv2	scope:	lt	version:	6.0.8.2	Trust: 1.0
vendor:	netgear	model:	gs728tpv2	scope:	lt	version:	6.0.8.2	Trust: 1.0
vendor:	netgear	model:	gs724tpv2	scope:	lt	version:	2.0.6.3	Trust: 1.0
vendor:	netgear	model:	gs308t	scope:	lt	version:	1.0.3.2	Trust: 1.0
vendor:	netgear	model:	ms510txup	scope:	lt	version:	1.0.4.2	Trust: 1.0
vendor:	netgear	model:	gs108tv2	scope:	lt	version:	5.4.2.36	Trust: 1.0
vendor:	netgear	model:	gs110tpv2	scope:	lt	version:	5.4.2.36	Trust: 1.0
vendor:	netgear	model:	gs310tp	scope:	lt	version:	1.0.3.2	Trust: 1.0
vendor:	ネットギア	model:	gs310tp	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs308t	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs728tppv2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs110tpv2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs110tpv3	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs724tpv2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs110tpp	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs728tpv2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs724tpp	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs108tv2	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-017572 // NVD: CVE-2021-45556

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-45556
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2021-45556
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-45556
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202112-2372
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-45556
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-45556
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-45556
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-45556
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-017572 // CNNVD: CNNVD-202112-2372 // NVD: CVE-2021-45556 // NVD: CVE-2021-45556

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	Command injection (CWE-77) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017572 // NVD: CVE-2021-45556

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2372

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-2372

PATCH

title:	Security Advisory for Post-Authentication Command Injection on Some Smart Managed Pro Switches, PSV-2021-0175	url:	https://kb.netgear.com/000064534/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Smart-Managed-Pro-Switches-PSV-2021-0175	Trust: 0.8
title:	Netgear NETGEAR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176664	Trust: 0.6

sources: JVNDB: JVNDB-2021-017572 // CNNVD: CNNVD-202112-2372

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45556	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-017572	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-2372	Trust: 0.6
db:	VULMON	id:	CVE-2021-45556	Trust: 0.1

sources: VULMON: CVE-2021-45556 // JVNDB: JVNDB-2021-017572 // CNNVD: CNNVD-202112-2372 // NVD: CVE-2021-45556

REFERENCES

url:	https://kb.netgear.com/000064534/security-advisory-for-post-authentication-command-injection-on-some-smart-managed-pro-switches-psv-2021-0175	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45556	Trust: 1.4
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-45556 // JVNDB: JVNDB-2021-017572 // CNNVD: CNNVD-202112-2372 // NVD: CVE-2021-45556

SOURCES

db:	VULMON	id:	CVE-2021-45556
db:	JVNDB	id:	JVNDB-2021-017572
db:	CNNVD	id:	CNNVD-202112-2372
db:	NVD	id:	CVE-2021-45556

LAST UPDATE DATE

2024-11-23T22:44:06.919000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45556	date:	2021-12-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-017572	date:	2023-01-27T01:39:00
db:	CNNVD	id:	CNNVD-202112-2372	date:	2022-01-11T00:00:00
db:	NVD	id:	CVE-2021-45556	date:	2024-11-21T06:32:30.637

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45556	date:	2021-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-017572	date:	2023-01-27T00:00:00
db:	CNNVD	id:	CNNVD-202112-2372	date:	2021-12-26T00:00:00
db:	NVD	id:	CVE-2021-45556	date:	2021-12-26T01:15:15.660