CVE-2021-45657

Certain NETGEAR devices are affected by server-side injection. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, RBS50Y before 2.6.1.40, and WNR2020 before 1.1.0.62.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d6200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:netgear:r6900v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6900v2:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:netgear:r6700v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6700v2:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*

History

12 Jul 2022, 17:42

Type Values Removed Values Added
CWE CWE-94 CWE-74

05 Jan 2022, 15:14

Type Values Removed Values Added
CWE CWE-94
CPE cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d6200:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6700v2:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6700v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6900v2:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6900v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.6
v3 : 7.8
First Time Netgear rbk50 Firmware
Netgear r6220 Firmware
Netgear rbs50 Firmware
Netgear r6230 Firmware
Netgear r7450
Netgear
Netgear r6080 Firmware
Netgear d7000 Firmware
Netgear rbk20 Firmware
Netgear rbk20
Netgear d6200 Firmware
Netgear r6020 Firmware
Netgear r6050
Netgear d7000
Netgear d6200
Netgear rbs20 Firmware
Netgear jr6150 Firmware
Netgear wnr2020
Netgear rbr40 Firmware
Netgear rbr20 Firmware
Netgear rbs50
Netgear rbs50y
Netgear r6800 Firmware
Netgear r6800
Netgear r6900v2
Netgear wnr2020 Firmware
Netgear ac2400
Netgear r6700v2 Firmware
Netgear r6260 Firmware
Netgear rbr40
Netgear r6050 Firmware
Netgear r6080
Netgear jr6150
Netgear ac2100 Firmware
Netgear rbk40
Netgear r6260
Netgear rbr20
Netgear r6020
Netgear rbs40 Firmware
Netgear r6120 Firmware
Netgear ac2100
Netgear r6230
Netgear ac2400 Firmware
Netgear ac2600 Firmware
Netgear r6220
Netgear rbs20
Netgear rbr50 Firmware
Netgear r6700v2
Netgear r6900v2 Firmware
Netgear rbr50
Netgear r7450 Firmware
Netgear rbk50
Netgear rbs50y Firmware
Netgear r6120
Netgear rbk40 Firmware
Netgear ac2600
Netgear rbs40
References (MISC) https://kb.netgear.com/000064067/Security-Advisory-for-Server-Side-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2019-0141 - (MISC) https://kb.netgear.com/000064067/Security-Advisory-for-Server-Side-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2019-0141 - Patch, Vendor Advisory

26 Dec 2021, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-12-26 01:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-45657

Mitre link : CVE-2021-45657

CVE.ORG link : CVE-2021-45657


JSON object : View

Products Affected

netgear

  • d6200
  • r6220_firmware
  • ac2400
  • wnr2020_firmware
  • r6050_firmware
  • r6020_firmware
  • r6900v2
  • ac2100
  • r6080_firmware
  • rbs20
  • rbs20_firmware
  • r7450_firmware
  • r7450
  • rbs50y
  • ac2600_firmware
  • r6700v2_firmware
  • r6900v2_firmware
  • rbs40
  • rbr50
  • d6200_firmware
  • rbk20_firmware
  • wnr2020
  • rbk40_firmware
  • rbk50
  • r6120
  • d7000
  • d7000_firmware
  • ac2400_firmware
  • rbk50_firmware
  • rbk40
  • r6230_firmware
  • r6230
  • r6120_firmware
  • r6020
  • rbs50y_firmware
  • rbr50_firmware
  • r6220
  • rbs40_firmware
  • r6700v2
  • rbs50_firmware
  • r6800
  • rbr40
  • ac2100_firmware
  • jr6150
  • r6050
  • r6080
  • jr6150_firmware
  • rbr20
  • rbr40_firmware
  • ac2600
  • rbr20_firmware
  • r6800_firmware
  • rbk20
  • r6260_firmware
  • rbs50
  • r6260
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')