Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-33514

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTP_USER_AGENT;' with an OS command in the User-Agent field. This affects GC108P before 1.0.7.3, GC108PP before 1.0.7.3, GS108Tv3 before 7.0.6.3, GS110TPPv1 before 7.0.6.3, GS110TPv3 before 7.0.6.3, GS110TUPv1 before 1.0.4.3, GS710TUPv1 before 1.0.4.3, GS716TP before 1.0.2.3, GS716TPP before 1.0.2.3, GS724TPPv1 before 2.0.4.3, GS724TPv2 before 2.0.4.3, GS728TPPv2 before 6.0.6.3, GS728TPv2 before 6.0.6.3, GS752TPPv1 before 6.0.6.3, GS752TPv2 before 6.0.6.3, MS510TXM before 1.0.2.3, and MS510TXUP before 1.0.2.3.

Published

2021-05-21T23:15:07.377

Last Modified

2024-11-21T06:08:59.750

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

10.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-78
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System netgear gc108p_firmware < 1.0.7.3 Yes
Hardware netgear gc108p - No
Operating System netgear gc108pp_firmware < 1.0.7.3 Yes
Hardware netgear gc108pp - No
Operating System netgear gs108t_firmware < 7.0.6.3 Yes
Hardware netgear gs108tv3 - No
Operating System netgear gs110tpp_firmware < 7.0.6.3 Yes
Hardware netgear gs110tpp v1 No
Operating System netgear gs110tp_firmware < 7.0.6.3 Yes
Hardware netgear gs110tp v3 No
Operating System netgear gs110tup_firmware < 1.0.4.3 Yes
Hardware netgear gs110tup v1 No
Operating System netgear gs710tup_firmware < 1.0.4.3 Yes
Hardware netgear gs710tup v1 No
Operating System netgear gs716tp_firmware < 1.0.2.3 Yes
Hardware netgear gs716tp - No
Operating System netgear gs716tpp_firmware < 1.0.2.3 Yes
Hardware netgear gs716tpp - No
Operating System netgear gs724tpp_firmware < 2.0.4.3 Yes
Hardware netgear gs724tpp v1 No
Operating System netgear gs724tp_firmware < 2.0.4.3 Yes
Hardware netgear gs724tp v2 No
Operating System netgear gs728tpp_firmware < 6.0.6.3 Yes
Hardware netgear gs728tpp v2 No
Operating System netgear gs728tp_firmware < 6.0.6.3 Yes
Hardware netgear gs728tp v2 No
Operating System netgear gs752tpp_firmware < 6.0.6.3 Yes
Hardware netgear gs752tpp v1 No
Operating System netgear gs752tp_firmware < 6.0.6.3 Yes
Hardware netgear gs752tp v2 No
Operating System netgear ms510txm_firmware < 1.0.2.3 Yes
Hardware netgear ms510txm - No
Operating System netgear ms510txup_firmware < 1.0.2.3 Yes
Hardware netgear ms510txup - No
References