PT-2021-5882 · NetGear · Ex6420+35
Alxhh · Published 2021-12-21 · Updated 2022-01-10
CVE-2021-45618
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
D7800 versions 1.0.1.64 and earlier
EX6200v2 versions 1.0.1.86 and earlier
EX6250 versions 1.0.0.134 and earlier
EX7700 versions 1.0.0.216 and earlier
EX8000 versions 1.0.1.232 and earlier
LBR20 versions 2.6.3.50 and earlier
R7800 versions 1.0.2.80 and earlier
R8900 versions 1.0.5.26 and earlier
R9000 versions 1.0.5.26 and earlier
RAX120 versions 1.2.0.16 and earlier
RBS50Y versions 1.0.0.56 and earlier
WNR2000v5 versions 1.0.0.76 and earlier
XR450 versions 2.3.2.114 and earlier
XR500 versions 2.3.2.114 and earlier
XR700 versions 1.0.1.36 and earlier
EX6150v2 versions 1.0.1.98 and earlier
EX7300 versions 1.0.2.158 and earlier
EX7320 versions 1.0.0.134 and earlier
EX6100v2 versions 1.0.1.98 and earlier
EX6400 versions 1.0.2.158 and earlier
EX7300v2 versions 1.0.0.134 and earlier
EX6410 versions 1.0.0.134 and earlier
RBR10 versions 2.6.1.44 and earlier
RBR20 versions 2.6.2.104 and earlier
RBR40 versions 2.6.2.104 and earlier
RBR50 versions 2.7.2.102 and earlier
EX6420 versions 1.0.0.134 and earlier
RBS10 versions 2.6.1.44 and earlier
RBS20 versions 2.6.2.104 and earlier
RBS40 versions 2.6.2.104 and earlier
RBS50 versions 2.7.2.102 and earlier
EX6400v2 versions 1.0.0.134 and earlier
RBK12 versions 2.6.1.44 and earlier
RBK20 versions 2.6.2.104 and earlier
RBK40 versions 2.6.2.104 and earlier
RBK50 versions 2.7.2.102 and earlier
Description
The issue is a command injection that an unauthenticated attacker can trigger because input data is insufficiently sanitized. This allows a remote attacker to execute arbitrary commands.
Recommendations
Update D7800 to version 1.0.1.64 or later.
Update EX6200v2 to version 1.0.1.86 or later.
Update EX6250 to version 1.0.0.134 or later.
Update EX7700 to version 1.0.0.216 or later.
Update EX8000 to version 1.0.1.232 or later.
Update LBR20 to version 2.6.3.50 or later.
Update R7800 to version 1.0.2.80 or later.
Update R8900 to version 1.0.5.26 or later.
Update R9000 to version 1.0.5.26 or later.
Update RAX120 to version 1.2.0.16 or later.
Update RBS50Y to version 1.0.0.56 or later.
Update WNR2000v5 to version 1.0.0.76 or later.
Update XR450 to version 2.3.2.114 or later.
Update XR500 to version 2.3.2.114 or later.
Update XR700 to version 1.0.1.36 or later.
Update EX6150v2 to version 1.0.1.98 or later.
Update EX7300 to version 1.0.2.158 or later.
Update EX7320 to version 1.0.0.134 or later.
Update EX6100v2 to version 1.0.1.98 or later.
Update EX6400 to version 1.0.2.158 or later.
Update EX7300v2 to version 1.0.0.134 or later.
Update EX6410 to version 1.0.0.134 or later.
Update RBR10 to version 2.6.1.44 or later.
Update RBR20 to version 2.6.2.104 or later.
Update RBR40 to version 2.6.2.104 or later.
Update RBR50 to version 2.7.2.102 or later.
Update EX6420 to version 1.0.0.134 or later.
Update RBS10 to version 2.6.1.44 or later.
Update RBS20 to version 2.6.2.104 or later.
Update RBS40 to version 2.6.2.104 or later.
Update RBS50 to version 2.7.2.102 or later.
Update EX6400v2 to version 1.0.0.134 or later.
Update RBK12 to version 2.6.1.44 or later.
Update RBK20 to version 2.6.2.104 or later.
Update RBK40 to version 2.6.2.104 or later.
Update RBK50 to version 2.7.2.102 or later.
Fix
Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
D7800
Ex6100V2
Ex6150V2
Ex6200V2
Ex6250
Ex6400
Ex6400V2
Ex6410
Ex6420
Ex7300
Ex7300V2
Ex7320
Ex7700
Ex8000
Lbr20
R7800
R8900
R9000
Rax120
Rbk12
Rbk20
Rbk40
Rbk50
Rbr10
Rbr20
Rbr40
Rbr50
Rbs10
Rbs20
Rbs40
Rbs50
Rbs50Y
Wnr2000V5
Xr450
Xr500
Xr700