Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-45554

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400 before 1.0.1.74, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R7000 before 1.0.11.126, R6900P before 1.3.3.140, R7000P before 1.3.3.140, and R8000 before 1.0.4.74.

Published

2021-12-26T01:15:15.563

Last Modified

2024-11-21T06:32:30.300

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.4 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

5.1

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-77
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System netgear r6400_firmware < 1.0.1.74 Yes
Hardware netgear r6400 - No
Operating System netgear r6400v2_firmware < 1.0.4.118 Yes
Hardware netgear r6400v2 - No
Operating System netgear r6700v3_firmware < 1.0.4.118 Yes
Hardware netgear r6700v3 - No
Operating System netgear r7000_firmware < 1.0.11.126 Yes
Hardware netgear r7000 - No
Operating System netgear r6900p_firmware < 1.3.3.140 Yes
Hardware netgear r6900p - No
Operating System netgear r7000p_firmware < 1.3.3.140 Yes
Hardware netgear r7000p - No
Operating System netgear r8000_firmware < 1.0.4.74 Yes
Hardware netgear r8000 - No
References