CVE-2021-45630

Name of the Vulnerable Software and Affected Versions NETGEAR CBR40 versions prior to 2.5.0.24 NETGEAR CBR750 versions prior to 4.6.3.6 NETGEAR RBK752 versions prior to 3.2.17.12 NETGEAR RBR750 versions prior to 3.2.17.12 NETGEAR RBS750 versions prior to 3.2.17.12 NETGEAR RBK852 versions prior to 3.2.17.12 NETGEAR RBR850 versions prior to 3.2.17.12 NETGEAR RBS850 versions prior to 3.2.17.12

Description The issue is related to command injection by an unauthenticated attacker due to a lack of input data sanitization in the embedded software of certain NETGEAR Wi-Fi routers. This allows a remote attacker to execute arbitrary commands.

Recommendations For NETGEAR CBR40 versions prior to 2.5.0.24, update to version 2.5.0.24 or later. For NETGEAR CBR750 versions prior to 4.6.3.6, update to version 4.6.3.6 or later. For NETGEAR RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850 versions prior to 3.2.17.12, update to version 3.2.17.12 or later. As a temporary workaround, consider restricting access to the affected devices until a patch is applied.