Certain NETGEAR devices are affected by command injection by an authenticated user. This affects EX6120 before 1.0.0.66, EX6130 before 1.0.0.46, EX7000 before 1.0.1.106, EX7500 before 1.0.1.76, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, RBR850 before 4.6.3.9, RBS850 before 4.6.3.9, and RBK852 before 4.6.3.9.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
History
05 Jan 2022, 15:41
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.2
v3 : 6.8 |
CWE | CWE-77 | |
First Time |
Netgear ex7500 Firmware
Netgear rbr850 Netgear rbr850 Firmware Netgear ex6130 Firmware Netgear ex3700 Netgear rbs850 Firmware Netgear rbs850 Netgear ex7500 Netgear Netgear ex3800 Netgear ex6120 Firmware Netgear ex3800 Firmware Netgear ex3700 Firmware Netgear ex6130 Netgear rbk852 Firmware Netgear ex7000 Netgear rbk852 Netgear ex6120 Netgear ex7000 Firmware |
|
References | (MISC) https://kb.netgear.com/000064458/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0062 - Vendor Advisory | |
CPE | cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex7000:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex7000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex7500_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex7500:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:* |
26 Dec 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-26 01:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-45533
Mitre link : CVE-2021-45533
CVE.ORG link : CVE-2021-45533
JSON object : View
Products Affected
netgear
- ex3700_firmware
- rbr850
- ex7000
- ex6130_firmware
- rbk852
- ex6130
- ex6120_firmware
- rbr850_firmware
- ex3800
- rbk852_firmware
- rbs850
- rbs850_firmware
- ex7000_firmware
- ex7500
- ex3800_firmware
- ex3700
- ex7500_firmware
- ex6120
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')