Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-45538

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Published

2021-12-26T01:15:14.793

Last Modified

2024-11-21T06:32:27.467

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.4 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

5.1

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-77
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System netgear rax75_firmware < 1.0.3.106 Yes
Hardware netgear rax75 - No
Operating System netgear rax80_firmware < 1.0.3.106 Yes
Hardware netgear rax80 - No
Operating System netgear rbk752_firmware < 3.2.16.6 Yes
Hardware netgear rbk752 - No
Operating System netgear rbr750_firmware < 3.2.16.6 Yes
Hardware netgear rbr750 - No
Operating System netgear rbs750_firmware < 3.2.16.6 Yes
Hardware netgear rbs750 - No
Operating System netgear rbk852_firmware < 3.2.16.6 Yes
Hardware netgear rbk852 - No
Operating System netgear rbr850_firmware < 3.2.16.6 Yes
Hardware netgear rbr850 - No
Operating System netgear rbs850_firmware < 3.2.16.6 Yes
Hardware netgear rbs850 - No
References