Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-45624

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R7900 before 1.0.4.30, R8000 before 1.0.4.62, XR300 before 1.0.3.56, R7000P before 1.3.2.132, R8500 before 1.0.2.144, R6900P before 1.3.2.132, and R8300 before 1.0.2.144.

Published

2021-12-26T01:15:18.917

Last Modified

2024-11-21T06:32:42.523

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.6 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-77
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System netgear d7000v2_firmware < 1.0.0.66 Yes
Hardware netgear d7000v2 - No
Operating System netgear d8500_firmware < 1.0.3.58 Yes
Hardware netgear d8500 - No
Operating System netgear r7000_firmware < 1.0.11.110 Yes
Hardware netgear r7000 - No
Operating System netgear r7100lg_firmware < 1.0.0.72 Yes
Hardware netgear r7100lg - No
Operating System netgear r7900_firmware < 1.0.4.30 Yes
Hardware netgear r7900 - No
Operating System netgear r8000_firmware < 1.0.4.62 Yes
Hardware netgear r8000 - No
Operating System netgear xr300_firmware < 1.0.3.56 Yes
Hardware netgear xr300 - No
Operating System netgear r7000p_firmware < 1.3.2.132 Yes
Hardware netgear r7000p - No
Operating System netgear r8500_firmware < 1.0.2.144 Yes
Hardware netgear r8500 - No
Operating System netgear r6900p_firmware < 1.3.2.132 Yes
Hardware netgear r6900p - No
Operating System netgear r8300_firmware < 1.0.2.144 Yes
Hardware netgear r8300 - No
References