CVE-2021-45624

Name of the Vulnerable Software and Affected Versions NETGEAR D7000v2 versions prior to 1.0.0.66 NETGEAR D8500 versions prior to 1.0.3.58 NETGEAR R7000 versions prior to 1.0.11.110 NETGEAR R7100LG versions prior to 1.0.0.72 NETGEAR R7900 versions prior to 1.0.4.30 NETGEAR R8000 versions prior to 1.0.4.62 NETGEAR XR300 versions prior to 1.0.3.56 NETGEAR R7000P versions prior to 1.3.2.132 NETGEAR R8500 versions prior to 1.0.2.144 NETGEAR R6900P versions prior to 1.3.2.132 NETGEAR R8300 versions prior to 1.0.2.144

Description The issue is related to command injection by an unauthenticated attacker due to the lack of input data sanitization in the embedded software of NETGEAR Wi-Fi routers. This allows a remote attacker to execute arbitrary commands.

Recommendations For NETGEAR D7000v2 version prior to 1.0.0.66, update to version 1.0.0.66 or later. For NETGEAR D8500 version prior to 1.0.3.58, update to version 1.0.3.58 or later. For NETGEAR R7000 version prior to 1.0.11.110, update to version 1.0.11.110 or later. For NETGEAR R7100LG version prior to 1.0.0.72, update to version 1.0.0.72 or later. For NETGEAR R7900 version prior to 1.0.4.30, update to version 1.0.4.30 or later. For NETGEAR R8000 version prior to 1.0.4.62, update to version 1.0.4.62 or later. For NETGEAR XR300 version prior to 1.0.3.56, update to version 1.0.3.56 or later. For NETGEAR R7000P version prior to 1.3.2.132, update to version 1.3.2.132 or later. For NETGEAR R8500 version prior to 1.0.2.144, update to version 1.0.2.144 or later. For NETGEAR R6900P version prior to 1.3.2.132, update to version 1.3.2.132 or later. For NETGEAR R8300 version prior to 1.0.2.144, update to version 1.0.2.144 or later.