Sign-up

ID

VAR-202112-2394


CVE

CVE-2021-45554


TITLE

plural  NETGEAR  Command injection vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2021-016916

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400 before 1.0.1.74, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R7000 before 1.0.11.126, R6900P before 1.3.3.140, R7000P before 1.3.3.140, and R8000 before 1.0.4.74. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects R6400 prior to 1.0.1.74, R6400v2 prior to 1.0.4.118, R6700v3 prior to 1.0.4.118, R7000 prior to 1.0.11.126, R6900P prior to 1.3.3.140, R7000P prior to 1.3.3.140, and R8000 prior to 1.0.4.74

Trust: 1.71

sources: NVD: CVE-2021-45554 // JVNDB: JVNDB-2021-016916 // VULMON: CVE-2021-45554

AFFECTED PRODUCTS

vendor:netgearmodel:r6400v2scope:ltversion:1.0.4.118

Trust: 1.0

vendor:netgearmodel:r6700v3scope:ltversion:1.0.4.118

Trust: 1.0

vendor:netgearmodel:r6900pscope:ltversion:1.3.3.140

Trust: 1.0

vendor:netgearmodel:r8000scope:ltversion:1.0.4.74

Trust: 1.0

vendor:netgearmodel:r6400scope:ltversion:1.0.1.74

Trust: 1.0

vendor:netgearmodel:r7000scope:ltversion:1.0.11.126

Trust: 1.0

vendor:netgearmodel:r7000pscope:ltversion:1.3.3.140

Trust: 1.0

vendor:ネットギアmodel:r6400scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r8000scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r6400v2scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r6700v3scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r6900pscope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r7000pscope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r7000scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-016916 // NVD: CVE-2021-45554

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-45554
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2021-45554
value: HIGH

Trust: 1.0

NVD: CVE-2021-45554
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202112-2370
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-45554
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-45554
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2021-45554
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2021-45554
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.7
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-45554
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-45554 // JVNDB: JVNDB-2021-016916 // CNNVD: CNNVD-202112-2370 // NVD: CVE-2021-45554 // NVD: CVE-2021-45554

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-016916 // NVD: CVE-2021-45554

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202112-2370

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-2370

PATCH

title:Security Advisory for Post-Authentication Command Injection on Some Routers, PSV-2020-0187url:https://kb.netgear.com/000064119/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2020-0187

Trust: 0.8

title:Netgear NETGEAR Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177078

Trust: 0.6

sources: JVNDB: JVNDB-2021-016916 // CNNVD: CNNVD-202112-2370

EXTERNAL IDS

db:NVDid:CVE-2021-45554

Trust: 3.3

db:JVNDBid:JVNDB-2021-016916

Trust: 0.8

db:CNNVDid:CNNVD-202112-2370

Trust: 0.6

db:VULMONid:CVE-2021-45554

Trust: 0.1

sources: VULMON: CVE-2021-45554 // JVNDB: JVNDB-2021-016916 // CNNVD: CNNVD-202112-2370 // NVD: CVE-2021-45554

REFERENCES

url:https://kb.netgear.com/000064119/security-advisory-for-post-authentication-command-injection-on-some-routers-psv-2020-0187

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-45554

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-45554 // JVNDB: JVNDB-2021-016916 // CNNVD: CNNVD-202112-2370 // NVD: CVE-2021-45554

SOURCES

db:VULMONid:CVE-2021-45554
db:JVNDBid:JVNDB-2021-016916
db:CNNVDid:CNNVD-202112-2370
db:NVDid:CVE-2021-45554

LAST UPDATE DATE

2024-11-23T22:29:10.266000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-45554date:2022-01-04T00:00:00
db:JVNDBid:JVNDB-2021-016916date:2022-12-27T02:29:00
db:CNNVDid:CNNVD-202112-2370date:2022-01-05T00:00:00
db:NVDid:CVE-2021-45554date:2024-11-21T06:32:30.300

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-45554date:2021-12-26T00:00:00
db:JVNDBid:JVNDB-2021-016916date:2022-12-27T00:00:00
db:CNNVDid:CNNVD-202112-2370date:2021-12-26T00:00:00
db:NVDid:CVE-2021-45554date:2021-12-26T01:15:15.563