ID

VAR-202112-2406


CVE

CVE-2021-45542


TITLE

Netgear NETGEAR Command injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202112-2360

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Trust: 0.99

sources: NVD: CVE-2021-45542 // VULMON: CVE-2021-45542

AFFECTED PRODUCTS

vendor: netgear, model: rbk852, scope: lt, version: 3.2.17.12

Trust: 1.0

vendor: netgear, model: rax75, scope: lt, version: 1.0.4.120

Trust: 1.0

vendor: netgear, model: rbs850, scope: lt, version: 3.2.17.12

Trust: 1.0

vendor: netgear, model: rax80, scope: lt, version: 1.0.4.120

Trust: 1.0

vendor: netgear, model: rbr850, scope: lt, version: 3.2.17.12

Trust: 1.0

vendor: netgear, model: rax200, scope: lt, version: 1.0.4.120

Trust: 1.0

sources: NVD: CVE-2021-45542

CVSS

SEVERITY

NVD: CVE-2021-45542
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202112-2360
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-45542
value: MEDIUM

Trust: 0.1

CVSSV2

VULMON: CVE-2021-45542
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CVSSV3

NVD: CVE-2021-45542
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT_NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2021-45542 // CNNVD: CNNVD-202112-2360 // NVD: CVE-2021-45542

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

sources: NVD: CVE-2021-45542

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202112-2360

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-2360

CONFIGURATIONS

sources: NVD: CVE-2021-45542

PATCH

title: Netgear NETGEAR Fixes for command injection vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=177070

Trust: 0.6

sources: CNNVD: CNNVD-202112-2360

EXTERNAL IDS

db: NVD, id: CVE-2021-45542

Trust: 1.7

db: CNNVD, id: CNNVD-202112-2360

Trust: 0.6

db: VULMON, id: CVE-2021-45542

Trust: 0.1

sources: VULMON: CVE-2021-45542 // CNNVD: CNNVD-202112-2360 // NVD: CVE-2021-45542

REFERENCES

url:https://kb.netgear.com/000064143/security-advisory-for-post-authentication-command-injection-on-some-routers-and-wifi-systems-psv-2020-0540

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-45542

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-45542 // CNNVD: CNNVD-202112-2360 // NVD: CVE-2021-45542

SOURCES

db: VULMON, id: CVE-2021-45542
db: CNNVD, id: CNNVD-202112-2360
db: NVD, id: CVE-2021-45542

LAST UPDATE DATE

2022-05-04T10:07:01.008000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-45542, date: 2022-01-04T00:00:00
db: CNNVD, id: CNNVD-202112-2360, date: 2022-01-05T00:00:00
db: NVD, id: CVE-2021-45542, date: 2022-01-04T22:09:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-45542, date: 2021-12-26T00:00:00
db: CNNVD, id: CNNVD-202112-2360, date: 2021-12-26T00:00:00
db: NVD, id: CVE-2021-45542, date: 2021-12-26T01:15:00