Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.58, R7500v2 before 1.0.3.48, R7800 before 1.0.2.68, R8900 before 1.0.5.2, R9000 before 1.0.5.2, RAX120 before 1.0.1.108, and XR700 before 1.0.1.20.
References
Link | Resource |
---|---|
https://kb.netgear.com/000064071/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0199 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
History
04 Jan 2022, 21:54
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 7.2 |
References | (MISC) https://kb.netgear.com/000064071/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0199 - Patch, Vendor Advisory | |
CPE | cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7500v2:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7500v2_firmware:*:*:*:*:*:*:*:* |
|
CWE | CWE-77 | |
First Time |
Netgear xr700 Firmware
Netgear r7500v2 Firmware Netgear r7500v2 Netgear d7800 Netgear d7800 Firmware Netgear r7800 Firmware Netgear xr700 Netgear r8900 Firmware Netgear Netgear r8900 Netgear r9000 Firmware Netgear rax120 Firmware Netgear r7800 Netgear r9000 Netgear rax120 |
26 Dec 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-26 01:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-45552
Mitre link : CVE-2021-45552
CVE.ORG link : CVE-2021-45552
JSON object : View
Products Affected
netgear
- d7800_firmware
- r9000_firmware
- d7800
- xr700
- r8900
- xr700_firmware
- r7800
- r9000
- rax120_firmware
- r7800_firmware
- r8900_firmware
- r7500v2_firmware
- rax120
- r7500v2
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')