Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-45593

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.2.102, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBR50 before 2.7.2.102, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.2.102.

Published

2021-12-26T01:15:17.397

Last Modified

2024-11-21T06:32:36.857

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.4 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

5.1

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-77
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System netgear rbr20_firmware < 2.7.3.22 Yes
Hardware netgear rbr20 - No
Operating System netgear rbr40_firmware < 2.7.3.22 Yes
Hardware netgear rbr40 - No
Operating System netgear rbr50_firmware < 2.7.2.102 Yes
Hardware netgear rbr50 - No
Operating System netgear rbs20_firmware < 2.7.3.22 Yes
Hardware netgear rbs20 - No
Operating System netgear rbs40_firmware < 2.7.3.22 Yes
Hardware netgear rbs40 - No
Operating System netgear rbr50_firmware < 2.7.2.102 Yes
Hardware netgear rbr50 - No
Operating System netgear rbk20_firmware < 2.7.3.22 Yes
Hardware netgear rbk20 - No
Operating System netgear rbk40_firmware < 2.7.3.22 Yes
Hardware netgear rbk40 - No
Operating System netgear rbk50_firmware < 2.7.2.102 Yes
Hardware netgear rbk50 - No
References