Published: 26/12/2021 Updated: 05/01/2022

CVSS v2 Base Score: 5.2 | Impact Score: 6.4 | Exploitability Score: 5.1

CVSS v3 Base Score: 6.8 | Impact Score: 5.9 | Exploitability Score: 0.9

VMScore: 463

Vector: AV:A/AC:L/Au:S/C:P/I:P/A:P

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 prior to 1.1.6.28, MK62 prior to 1.1.6.122, MR60 prior to 1.1.6.122, MS60 prior to 1.1.6.122, R6400v2 prior to 1.0.4.118, R6700v3 prior to 1.0.4.118, R6900P prior to 1.3.3.140, R7000 prior to 1.0.11.116, R7000P prior to 1.3.3.140, R7850 prior to 1.0.5.68, R7900 prior to 1.0.4.38, R7900P prior to 1.4.2.84, R7960P prior to 1.4.2.84, R8000 prior to 1.0.4.68, R8000P prior to 1.4.2.84, RAX15 prior to 1.0.3.96, RAX20 prior to 1.0.3.96, RAX200 prior to 1.0.4.120, RAX35v2 prior to 1.0.3.96, RAX40v2 prior to 1.0.3.96, RAX43 prior to 1.0.3.96, RAX45 prior to 1.0.3.96, RAX50 prior to 1.0.3.96, RAX75 prior to 1.0.4.120, RAX80 prior to 1.0.4.120, RS400 prior to 1.5.1.80, and XR1000 prior to 1.0.0.58.

Vulnerable Product	Search on Vulmon	Subscribe to Product
netgear lax20_firmware
netgear mk62_firmware
netgear mr60_firmware
netgear ms60_firmware
netgear r6400_firmware
netgear r6700_firmware
netgear r6900p_firmware
netgear r7000_firmware
netgear r7000p_firmware
netgear r7850_firmware
netgear r7900_firmware
netgear r7900p_firmware
netgear r7960p_firmware
netgear r8000_firmware
netgear r8000p_firmware
netgear rax15_firmware
netgear rax20_firmware
netgear rax200_firmware
netgear rax35_firmware
netgear rax40_firmware
netgear rax43_firmware
netgear rax45_firmware
netgear rax50_firmware
netgear rax75_firmware
netgear rax80_firmware
netgear rs400_firmware
netgear xr1000_firmware

CWE-77 https://kb.netgear.com/000064513/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0517 https://nvd.nist.gov

CVE-2021-45549

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect