PT-2021-5863 · NetGear · Netgear Xr1000

Published

2021-09-26

·

Updated

2022-01-05

·

CVE-2021-45514

CVSS v3.1

9.6

Critical

VectorAC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N
Name of the Vulnerable Software and Affected Versions NETGEAR XR1000 versions prior to 1.0.0.58
Description The issue is related to insufficient argument validation in a command, allowing for command injection. This can be exploited by a remote attacker to execute arbitrary commands.
Recommendations For versions prior to 1.0.0.58, update to version 1.0.0.58 or later to resolve the issue. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2022-00378
CVE-2021-45514

Affected Products

Netgear Xr1000