Published: 26/12/2021 Updated: 07/01/2022

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 prior to 2.5.0.24, CBR750 prior to 4.6.3.6, D7000v2 prior to 1.0.0.74, LAX20 prior to 1.1.6.28, MK62 prior to 1.0.6.116, MR60 prior to 1.0.6.116, MS60 prior to 1.0.6.116, MR80 prior to 1.1.2.20, MS80 prior to 1.1.2.20, RAX15 prior to 1.0.3.96, RAX20 prior to 1.0.3.96, RAX200 prior to 1.0.4.120, RAX45 prior to 1.0.3.96, RAX50 prior to 1.0.3.96, RAX43 prior to 1.0.3.96, RAX40v2 prior to 1.0.3.96, RAX35v2 prior to 1.0.3.96, RAX75 prior to 1.0.4.120, RAX80 prior to 1.0.4.120, RBK752 prior to 3.2.17.12, RBR750 prior to 3.2.17.12, RBS750 prior to 3.2.17.12, RBK852 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, RBS850 prior to 3.2.17.12, and XR1000 prior to 1.0.0.58.

Vulnerable Product	Search on Vulmon	Subscribe to Product
netgear cbr40_firmware
netgear cbr750_firmware
netgear d7000v2_firmware
netgear lax20_firmware
netgear mk62_firmware
netgear mr60_firmware
netgear ms60_firmware
netgear rax15_firmware
netgear rax20_firmware
netgear rax200_firmware
netgear rax35v2_firmware
netgear rax40v2_firmware
netgear rax43_firmware
netgear rax45_firmware
netgear rax50_firmware
netgear rax75_firmware
netgear rax80_firmware
netgear rbk752_firmware
netgear rbk852_firmware
netgear rbr750_firmware
netgear rbr850_firmware
netgear rbs750_firmware
netgear rbs850_firmware
netgear xr1000_firmware
netgear mr80_firmware
netgear ms80_firmware

CWE-77 https://kb.netgear.com/000064138/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0508 https://nvd.nist.gov

CVE-2021-45613

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect