Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-38530

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.

Published

2021-08-11T00:17:02.977

Last Modified

2024-11-21T06:17:21.200

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.6 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

10.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-77
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System netgear rbk40_firmware < 2.5.1.16 Yes
Hardware netgear rbk40 - No
Operating System netgear rbr40_firmware < 2.5.1.16 Yes
Hardware netgear rbr40 - No
Operating System netgear rbs40_firmware < 2.5.1.16 Yes
Hardware netgear rbs40 - No
Operating System netgear rbk20_firmware < 2.5.1.16 Yes
Hardware netgear rbk20 - No
Operating System netgear rbr20_firmware < 2.5.1.16 Yes
Hardware netgear rbr20 - No
Operating System netgear rbs20_firmware < 2.5.1.16 Yes
Hardware netgear rbs20 - No
Operating System netgear rbk50_firmware < 2.5.1.16 Yes
Hardware netgear rbk50 - No
Operating System netgear rbr50_firmware < 2.5.1.16 Yes
Hardware netgear rbr50 - No
Operating System netgear rbs50_firmware < 2.5.1.16 Yes
Hardware netgear rbs50 - No
Operating System netgear rbs50y_firmware < 2.6.1.40 Yes
Hardware netgear rbs50y - No
References