Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-45619

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR1020 before 2.6.3.58, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RBS50Y before 2.7.3.22, WNR2000v5 before 1.0.0.76, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, RAX10 before 1.0.2.88, RAX120 before 1.2.0.16, RAX70 before 1.0.2.88, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, R6700AX before 1.0.2.88, RAX120v2 before 1.2.0.16, RAX78 before 1.0.2.88, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR350 before 4.3.4.7, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS350 before 4.3.4.7, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK352 before 4.3.4.7, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.

Published

2021-12-26T01:15:18.657

Last Modified

2024-11-21T06:32:41.523

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.6 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	netgear	ex6250_firmware	< 1.0.0.134	Yes
Hardware	netgear	ex6250	-	No
Operating System	netgear	ex7700_firmware	< 1.0.0.216	Yes
Hardware	netgear	ex7700	-	No
Operating System	netgear	ex8000_firmware	< 1.0.1.232	Yes
Hardware	netgear	ex8000	-	No
Operating System	netgear	lbr1020_firmware	< 2.6.3.58	Yes
Hardware	netgear	lbr1020	-	No
Operating System	netgear	lbr20_firmware	< 2.6.3.50	Yes
Hardware	netgear	lbr20	-	No
Operating System	netgear	r7800_firmware	< 1.0.2.80	Yes
Hardware	netgear	r7800	-	No
Operating System	netgear	r8900_firmware	< 1.0.5.26	Yes
Hardware	netgear	r8900	-	No
Operating System	netgear	rbs50y_firmware	< 2.7.3.22	Yes
Hardware	netgear	rbs50y	-	No
Operating System	netgear	wnr2000v5_firmware	< 1.0.0.76	Yes
Hardware	netgear	wnr2000v5	-	No
Operating System	netgear	xr700_firmware	< 1.0.1.36	Yes
Hardware	netgear	xr700	-	No
Operating System	netgear	ex6150v2_firmware	< 1.0.1.98	Yes
Hardware	netgear	ex6150v2	-	No
Operating System	netgear	ex7300_firmware	< 1.0.2.158	Yes
Hardware	netgear	ex7300	-	No
Operating System	netgear	ex7320_firmware	< 1.0.0.134	Yes
Hardware	netgear	ex7320	-	No
Operating System	netgear	rax10_firmware	< 1.0.2.88	Yes
Hardware	netgear	rax10	-	No
Operating System	netgear	rax120_firmware	< 1.2.0.16	Yes
Hardware	netgear	rax120	-	No
Operating System	netgear	rax70_firmware	< 1.0.2.88	Yes
Hardware	netgear	rax70	-	No
Operating System	netgear	ex6100v2_firmware	< 1.0.1.98	Yes
Hardware	netgear	ex6100v2	-	No
Operating System	netgear	ex6400_firmware	< 1.0.2.158	Yes
Hardware	netgear	ex6400	-	No
Operating System	netgear	ex7300v2_firmware	< 1.0.0.134	Yes
Hardware	netgear	ex7300v2	-	No
Operating System	netgear	r6700ax_firmware	< 1.0.2.88	Yes
Hardware	netgear	r6700ax	-	No
Operating System	netgear	rax120v2_firmware	< 1.2.0.16	Yes
Hardware	netgear	rax120v2	-	No
Operating System	netgear	rax78_firmware	< 1.0.2.88	Yes
Hardware	netgear	rax78	-	No
Operating System	netgear	ex6410_firmware	< 1.0.0.134	Yes
Hardware	netgear	ex6410	-	No
Operating System	netgear	rbr10_firmware	< 2.7.3.22	Yes
Hardware	netgear	rbr10	-	No
Operating System	netgear	rbr20_firmware	< 2.7.3.22	Yes
Hardware	netgear	rbr20	-	No
Operating System	netgear	rbr350_firmware	< 4.3.4.7	Yes
Hardware	netgear	rbr350	-	No
Operating System	netgear	rbr40_firmware	< 2.7.3.22	Yes
Hardware	netgear	rbr40	-	No
Operating System	netgear	rbr50_firmware	< 2.7.3.22	Yes
Hardware	netgear	rbr50	-	No
Operating System	netgear	ex6420_firmware	< 1.0.0.134	Yes
Hardware	netgear	ex6420	-	No
Operating System	netgear	rbs10_firmware	< 2.7.3.22	Yes
Hardware	netgear	rbs10	-	No
Operating System	netgear	rbs20_firmware	< 2.7.3.22	Yes
Hardware	netgear	rbs20	-	No
Operating System	netgear	rbs350_firmware	< 4.3.4.7	Yes
Hardware	netgear	rbs350	-	No
Operating System	netgear	rbs40_firmware	< 2.7.3.22	Yes
Hardware	netgear	rbs40	-	No
Operating System	netgear	rbs50_firmware	< 2.7.3.22	Yes
Hardware	netgear	rbs50	-	No
Operating System	netgear	ex6400v2_firmware	< 1.0.0.134	Yes
Hardware	netgear	ex6400v2	-	No
Operating System	netgear	rbk12_firmware	< 2.7.3.22	Yes
Hardware	netgear	rbk12	-	No
Operating System	netgear	rbk20_firmware	< 2.7.3.22	Yes
Hardware	netgear	rbk20	-	No
Operating System	netgear	rbk352_firmware	< 4.3.4.7	Yes
Hardware	netgear	rbk352	-	No
Operating System	netgear	rbk40_firmware	< 2.7.3.22	Yes
Hardware	netgear	rbk40	-	No
Operating System	netgear	rbk50_firmware	< 2.7.3.22	Yes
Hardware	netgear	rbk50	-	No
Operating System	netgear	ex6200v2_firmware	< 1.0.1.86	Yes
Hardware	netgear	ex6200v2	-	No
Operating System	netgear	r9000_firmware	< 1.0.5.26	Yes
Hardware	netgear	r9000	-	No

References

https://kb.netgear.com/000064492/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0435 Vendor Advisory ([email protected])
https://kb.netgear.com/000064492/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0435 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)