Sign-up

ID

VAR-202112-2396


CVE

CVE-2021-45552


TITLE

plural  NETGEAR  Command injection vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2021-016928

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.58, R7500v2 before 1.0.3.48, R7800 before 1.0.2.68, R8900 before 1.0.5.2, R9000 before 1.0.5.2, RAX120 before 1.0.1.108, and XR700 before 1.0.1.20. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D7800 prior to 1.0.1.58, R7500v2 prior to 1.0.3.48, R7800 prior to 1.0.2.68, R8900 prior to 1.0.5.2, R9000 prior to 1.0.5.2, RAX120 prior to 1.0.1.108, and XR700 prior to 1.0.1.20

Trust: 1.71

sources: NVD: CVE-2021-45552 // JVNDB: JVNDB-2021-016928 // VULMON: CVE-2021-45552

AFFECTED PRODUCTS

vendor:netgearmodel:r7500v2scope:ltversion:1.0.3.48

Trust: 1.0

vendor:netgearmodel:r9000scope:ltversion:1.0.5.2

Trust: 1.0

vendor:netgearmodel:r8900scope:ltversion:1.0.5.2

Trust: 1.0

vendor:netgearmodel:rax120scope:lteversion:1.0.1.108

Trust: 1.0

vendor:netgearmodel:r7800scope:ltversion:1.0.2.68

Trust: 1.0

vendor:netgearmodel:d7800scope:ltversion:1.0.1.58

Trust: 1.0

vendor:netgearmodel:xr700scope:ltversion:1.0.1.20

Trust: 1.0

vendor:ネットギアmodel:r7800scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r8900scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r7500v2scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:d7800scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rax120scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:xr700scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r9000scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-016928 // NVD: CVE-2021-45552

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-45552
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2021-45552
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-45552
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202112-2366
value: HIGH

Trust: 0.6

VULMON: CVE-2021-45552
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-45552
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2021-45552
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2021-45552
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 0.8
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: CVE-2021-45552
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-45552 // JVNDB: JVNDB-2021-016928 // CNNVD: CNNVD-202112-2366 // NVD: CVE-2021-45552 // NVD: CVE-2021-45552

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-016928 // NVD: CVE-2021-45552

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2366

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-2366

PATCH

title:Security Advisory for Post-Authentication Command Injection on Some Routers, PSV-2019-0199url:https://kb.netgear.com/000064071/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0199

Trust: 0.8

title:Netgear NETGEAR Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177073

Trust: 0.6

sources: JVNDB: JVNDB-2021-016928 // CNNVD: CNNVD-202112-2366

EXTERNAL IDS

db:NVDid:CVE-2021-45552

Trust: 3.3

db:JVNDBid:JVNDB-2021-016928

Trust: 0.8

db:CNNVDid:CNNVD-202112-2366

Trust: 0.6

db:VULMONid:CVE-2021-45552

Trust: 0.1

sources: VULMON: CVE-2021-45552 // JVNDB: JVNDB-2021-016928 // CNNVD: CNNVD-202112-2366 // NVD: CVE-2021-45552

REFERENCES

url:https://kb.netgear.com/000064071/security-advisory-for-post-authentication-command-injection-on-some-routers-psv-2019-0199

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-45552

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-45552 // JVNDB: JVNDB-2021-016928 // CNNVD: CNNVD-202112-2366 // NVD: CVE-2021-45552

SOURCES

db:VULMONid:CVE-2021-45552
db:JVNDBid:JVNDB-2021-016928
db:CNNVDid:CNNVD-202112-2366
db:NVDid:CVE-2021-45552

LAST UPDATE DATE

2024-11-23T22:10:56.731000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-45552date:2022-01-04T00:00:00
db:JVNDBid:JVNDB-2021-016928date:2022-12-27T03:14:00
db:CNNVDid:CNNVD-202112-2366date:2022-01-05T00:00:00
db:NVDid:CVE-2021-45552date:2024-11-21T06:32:29.873

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-45552date:2021-12-26T00:00:00
db:JVNDBid:JVNDB-2021-016928date:2022-12-27T00:00:00
db:CNNVDid:CNNVD-202112-2366date:2021-12-26T00:00:00
db:NVDid:CVE-2021-45552date:2021-12-26T01:15:15.460