Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
Configuration 16 (hide)
AND |
|
Configuration 17 (hide)
AND |
|
Configuration 18 (hide)
AND |
|
History
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-78 |
06 Jan 2022, 19:08
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-77 | |
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.8 |
First Time |
Netgear rax120v1 Firmware
Netgear rax70 Netgear r8900 Firmware Netgear Netgear lbr1020 Netgear rax120v2 Firmware Netgear lbr20 Netgear ex2700 Netgear xr450 Firmware Netgear rax78 Netgear rax120v2 Netgear r7800 Firmware Netgear r6700ax Netgear wn3000rpv3 Netgear wn3000rpv3 Firmware Netgear rax10 Firmware Netgear wn3000rpv2 Netgear lbr1020 Firmware Netgear rax78 Firmware Netgear rax10 Netgear xr700 Firmware Netgear rax70 Firmware Netgear r6700ax Firmware Netgear xr500 Netgear r7800 Netgear xr450 Netgear r9000 Netgear xr500 Firmware Netgear wn3000rpv2 Firmware Netgear lbr20 Firmware Netgear rax120v1 Netgear d7800 Netgear d7800 Firmware Netgear ex2700 Firmware Netgear xr700 Netgear r8900 Netgear r9000 Firmware |
|
CPE | cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wn3000rpv2:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6700ax_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wn3000rpv3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:wn3000rpv2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax78_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6700ax:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wn3000rpv3:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax10:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax120v2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax120v2:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax120v1_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax120v1:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax10_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax70_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax78:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax70:-:*:*:*:*:*:*:* |
|
References | (MISC) https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/ - Third Party Advisory | |
References | (MISC) https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171 - Patch, Vendor Advisory |
26 Dec 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-26 01:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-45602
Mitre link : CVE-2021-45602
CVE.ORG link : CVE-2021-45602
JSON object : View
Products Affected
netgear
- lbr20
- d7800_firmware
- wn3000rpv3_firmware
- r8900_firmware
- rax70
- rax120v1_firmware
- xr500
- r8900
- wn3000rpv2
- rax10_firmware
- rax78
- ex2700
- rax120v2_firmware
- wn3000rpv2_firmware
- lbr1020
- rax70_firmware
- xr500_firmware
- d7800
- ex2700_firmware
- r7800
- xr700_firmware
- r9000
- rax78_firmware
- xr450
- r6700ax_firmware
- lbr20_firmware
- lbr1020_firmware
- r6700ax
- xr700
- wn3000rpv3
- r9000_firmware
- rax10
- rax120v1
- xr450_firmware
- rax120v2
- r7800_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')