PT-2021-22185 · NetGear · R7000P+5
Published
2021-08-11
·
Updated
2021-08-18
·
CVE-2021-38528
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
D8500 versions prior to 1.0.3.58
R6900P versions prior to 1.3.2.132
R7000P versions prior to 1.3.2.132
R7100LG versions prior to 1.0.0.64
WNDR3400v3 versions prior to 1.0.1.38
XR300 versions prior to 1.0.3.56
Description
The issue affects certain NETGEAR devices, allowing command injection by an unauthenticated attacker.
Recommendations
For D8500 version prior to 1.0.3.58, update to version 1.0.3.58 or later.
For R6900P version prior to 1.3.2.132, update to version 1.3.2.132 or later.
For R7000P version prior to 1.3.2.132, update to version 1.3.2.132 or later.
For R7100LG version prior to 1.0.0.64, update to version 1.0.0.64 or later.
For WNDR3400v3 version prior to 1.0.1.38, update to version 1.0.1.38 or later.
For XR300 version prior to 1.0.3.56, update to version 1.0.3.56 or later.
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
D8500
R6900P
R7000P
R7100Lg
Wndr3400V3
Xr300