Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-38527

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.14, EX6100v2 before 1.0.1.98, EX6150v2 before 1.0.1.98, EX6250 before 1.0.0.132, EX6400 before 1.0.2.158, EX6400v2 before 1.0.0.132, EX6410 before 1.0.0.132, EX6420 before 1.0.0.132, EX7300 before 1.0.2.158, EX7300v2 before 1.0.0.132, EX7320 before 1.0.0.132, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, R7800 before 1.0.2.78, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.6.2.4, RBS50Y before 2.6.1.40, RBW30 before 2.6.2.2, and XR500 before 2.3.2.114.

Published

2021-08-11T00:16:18.947

Last Modified

2024-11-21T06:17:20.593

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	netgear	cbr40_firmware	< 2.5.0.14	Yes
Hardware	netgear	cbr40	-	No
Operating System	netgear	ex6100_firmware	< 1.0.1.98	Yes
Hardware	netgear	ex6100	v2	No
Operating System	netgear	ex6150_firmware	< 1.0.1.98	Yes
Hardware	netgear	ex6150	v2	No
Operating System	netgear	ex6250_firmware	< 1.0.0.132	Yes
Hardware	netgear	ex6250	-	No
Operating System	netgear	ex6400_firmware	< 1.0.2.158	Yes
Hardware	netgear	ex6400	-	No
Operating System	netgear	ex6400_firmware	< 1.0.0.132	Yes
Hardware	netgear	ex6400	v2	No
Operating System	netgear	ex6410_firmware	< 1.0.0.132	Yes
Hardware	netgear	ex6410	-	No
Operating System	netgear	ex6420_firmware	< 1.0.0.132	Yes
Hardware	netgear	ex6420	-	No
Operating System	netgear	ex7300_firmware	< 1.0.2.158	Yes
Hardware	netgear	ex7300	-	No
Operating System	netgear	ex7300_firmware	< 1.0.2.158	Yes
Hardware	netgear	ex7300	v2	No
Operating System	netgear	ex7320_firmware	< 1.0.0.132	Yes
Hardware	netgear	ex7320	-	No
Operating System	netgear	ex7700_firmware	< 1.0.0.216	Yes
Hardware	netgear	ex7700	-	No
Operating System	netgear	ex8000_firmware	< 1.0.1.232	Yes
Hardware	netgear	ex8000	-	No
Operating System	netgear	r7800_firmware	< 1.0.2.78	Yes
Hardware	netgear	r7800	-	No
Operating System	netgear	rbk12_firmware	< 2.6.1.44	Yes
Hardware	netgear	rbk12	-	No
Operating System	netgear	rbr10_firmware	< 2.6.1.44	Yes
Hardware	netgear	rbr10	-	No
Operating System	netgear	rbs10_firmware	< 2.6.1.44	Yes
Hardware	netgear	rbs10	-	No
Operating System	netgear	rbk20_firmware	< 2.6.1.38	Yes
Hardware	netgear	rbk20	-	No
Operating System	netgear	rbr20_firmware	< 2.6.1.36	Yes
Hardware	netgear	rbr20	-	No
Operating System	netgear	rbs20_firmware	< 2.6.1.38	Yes
Hardware	netgear	rbs20	-	No
Operating System	netgear	rbk40_firmware	< 2.6.1.38	Yes
Hardware	netgear	rbk40	-	No
Operating System	netgear	rbr40_firmware	< 2.6.1.36	Yes
Hardware	netgear	rbr40	-	No
Operating System	netgear	rbs40_firmware	< 2.6.1.38	Yes
Hardware	netgear	rbs40	-	No
Operating System	netgear	rbk50_firmware	< 2.6.1.40	Yes
Hardware	netgear	rbk50	-	No
Operating System	netgear	rbr50_firmware	< 2.6.1.40	Yes
Hardware	netgear	rbr50	-	No
Operating System	netgear	rbs50_firmware	< 2.6.1.40	Yes
Hardware	netgear	rbs50	-	No
Operating System	netgear	rbk752_firmware	< 3.2.16.6	Yes
Hardware	netgear	rbk752	-	No
Operating System	netgear	rbr750_firmware	< 3.2.16.6	Yes
Hardware	netgear	rbr750	-	No
Operating System	netgear	rbs750_firmware	< 3.2.16.6	Yes
Hardware	netgear	rbs750	-	No
Operating System	netgear	rbk852_firmware	< 3.2.16.6	Yes
Hardware	netgear	rbk852	-	No
Operating System	netgear	rbr850_firmware	< 3.2.16.6	Yes
Hardware	netgear	rbr850	-	No
Operating System	netgear	rbs850_firmware	< 3.2.16.6	Yes
Hardware	netgear	rbs850	-	No
Operating System	netgear	rbs40v_firmware	< 2.6.2.4	Yes
Hardware	netgear	rbs40v	-	No
Operating System	netgear	rbs50y_firmware	< 2.6.1.40	Yes
Hardware	netgear	rbs50y	-	No
Operating System	netgear	rbw30_firmware	< 2.6.2.2	Yes
Hardware	netgear	rbw30	-	No
Operating System	netgear	xr500_firmware	< 2.3.2.114	Yes
Hardware	netgear	xr500	-	No

References

https://kb.netgear.com/000063778/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Extenders-Routers-and-WiFi-Systems-PSV-2020-0025 Vendor Advisory ([email protected])
https://kb.netgear.com/000063778/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Extenders-Routers-and-WiFi-Systems-PSV-2020-0025 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)