PT-2021-5905 · NetGear · Ex6420+31

Aircut

·

Published

2021-09-25

·

Updated

2022-01-10

·

CVE-2021-45658

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions D7800 versions 1.0.1.58 and earlier DM200 versions 1.0.0.66 and earlier EX2700 versions 1.0.1.56 and earlier EX6150v2 versions 1.0.1.86 and earlier EX6100v2 versions 1.0.1.86 and earlier EX6200v2 versions 1.0.1.78 and earlier EX6250 versions 1.0.0.110 and earlier EX6410 versions 1.0.0.110 and earlier EX6420 versions 1.0.0.110 and earlier EX6400v2 versions 1.0.0.110 and earlier EX7300 versions 1.0.2.144 and earlier EX6400 versions 1.0.2.144 and earlier EX7320 versions 1.0.0.110 and earlier EX7300v2 versions 1.0.0.110 and earlier R7500v2 versions 1.0.3.48 and earlier R7800 versions 1.0.2.68 and earlier R8900 versions 1.0.5.2 and earlier R9000 versions 1.0.5.2 and earlier RAX120 versions 1.0.1.90 and earlier RBK40 versions 2.5.1.16 and earlier RBK20 versions 2.5.1.16 and earlier RBR20 versions 2.5.1.16 and earlier RBS20 versions 2.5.1.16 and earlier RBK50 versions 2.5.1.16 and earlier RBR50 versions 2.5.1.16 and earlier RBS50 versions 2.5.1.16 and earlier RBS50Y versions 2.6.1.40 and earlier WN3000RPv2 versions 1.0.0.78 and earlier WN3000RPv3 versions 1.0.2.80 and earlier WNR2000v5 versions 1.0.0.72 and earlier XR500 versions 2.3.2.56 and earlier XR700 versions 1.0.1.20 and earlier
Description The issue is related to server-side injection, which can be exploited due to insufficient cleaning of special elements in output used by an incoming component. This may allow an attacker to perform a server-side include injection attack.
Recommendations For D7800 version 1.0.1.58 and earlier, update to version 1.0.1.58 or later. For DM200 version 1.0.0.66 and earlier, update to version 1.0.0.66 or later. For EX2700 version 1.0.1.56 and earlier, update to version 1.0.1.56 or later. For EX6150v2 version 1.0.1.86 and earlier, update to version 1.0.1.86 or later. For EX6100v2 version 1.0.1.86 and earlier, update to version 1.0.1.86 or later. For EX6200v2 version 1.0.1.78 and earlier, update to version 1.0.1.78 or later. For EX6250 version 1.0.0.110 and earlier, update to version 1.0.0.110 or later. For EX6410 version 1.0.0.110 and earlier, update to version 1.0.0.110 or later. For EX6420 version 1.0.0.110 and earlier, update to version 1.0.0.110 or later. For EX6400v2 version 1.0.0.110 and earlier, update to version 1.0.0.110 or later. For EX7300 version 1.0.2.144 and earlier, update to version 1.0.2.144 or later. For EX6400 version 1.0.2.144 and earlier, update to version 1.0.2.144 or later. For EX7320 version 1.0.0.110 and earlier, update to version 1.0.0.110 or later. For EX7300v2 version 1.0.0.110 and earlier, update to version 1.0.0.110 or later. For R7500v2 version 1.0.3.48 and earlier, update to version 1.0.3.48 or later. For R7800 version 1.0.2.68 and earlier, update to version 1.0.2.68 or later. For R8900 version 1.0.5.2 and earlier, update to version 1.0.5.2 or later. For R9000 version 1.0.5.2 and earlier, update to version 1.0.5.2 or later. For RAX120 version 1.0.1.90 and earlier, update to version 1.0.1.90 or later. For RBK40 version 2.5.1.16 and earlier, update to version 2.5.1.16 or later. For RBK20 version 2.5.1.16 and earlier, update to version 2.5.1.16 or later. For RBR20 version 2.5.1.16 and earlier, update to version 2.5.1.16 or later. For RBS20 version 2.5.1.16 and earlier, update to version 2.5.1.16 or later. For RBK50 version 2.5.1.16 and earlier, update to version 2.5.1.16 or later. For RBR50 version 2.5.1.16 and earlier, update to version 2.5.1.16 or later. For RBS50 version 2.5.1.16 and earlier, update to version 2.5.1.16 or later. For RBS50Y version 2.6.1.40 and earlier, update to version 2.6.1.40 or later. For WN3000RPv2 version 1.0.0.78 and earlier, update to version 1.0.0.78 or later. For WN3000RPv3 version 1.0.2.80 and earlier, update to version 1.0.2.80 or later. For WNR2000v5 version 1.0.0.72 and earlier, update to version 1.0.0.72 or later. For XR500 version 2.3.2.56 and earlier, update to version 2.3.2.56 or later. For XR700 version 1.0.1.20 and earlier, update to version 1.0.1.20 or later.

Fix

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-74

Related Identifiers

BDU:2022-00420
CVE-2021-45658

Affected Products

D7800
Dm200
Ex2700
Ex6100V2
Ex6150V2
Ex6200V2
Ex6250
Ex6400
Ex6400V2
Ex6410
Ex6420
Ex7300
Ex7300V2
Ex7320
R7500V2
R7800
R8900
R9000
Rax120
Rbk20
Rbk40
Rbk50
Rbr20
Rbr50
Rbs20
Rbs50
Rbs50Y
Wn3000Rpv2
Wn3000Rpv3
Wnr2000V5
Xr500
Xr700