Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-38528

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6900P before 1.3.2.132, R7000P before 1.3.2.132, R7100LG before 1.0.0.64, WNDR3400v3 before 1.0.1.38, and XR300 before 1.0.3.56.

Published

2021-08-11T00:16:23.717

Last Modified

2024-11-21T06:17:20.823

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.6 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	netgear	d8500_firmware	< 1.0.3.58	Yes
Hardware	netgear	d8500	-	No
Operating System	netgear	r6900p_firmware	< 1.3.2.132	Yes
Hardware	netgear	r6900p	-	No
Operating System	netgear	r7000p_firmware	< 1.3.2.132	Yes
Hardware	netgear	r7000p	-	No
Operating System	netgear	r7100lg_firmware	< 1.0.0.64	Yes
Hardware	netgear	r7100lg	-	No
Operating System	netgear	wndr3400_firmware	< 1.0.1.38	Yes
Hardware	netgear	wndr3400	v3	No
Operating System	netgear	xr300_firmware	< 1.0.3.56	Yes
Hardware	netgear	xr300	-	No

References

https://kb.netgear.com/000063781/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Gateways-and-Routers-PSV-2020-0297 Vendor Advisory ([email protected])
https://kb.netgear.com/000063781/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Gateways-and-Routers-PSV-2020-0297 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)