PT-2021-5957 · NetGear · Netgear R7800+16
Kevin Breen · Published 2021-05-03 · Updated 2022-07-12 · CVE-2021-45602
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
NETGEAR D7800 versions 1.0.1.66 and earlier
NETGEAR EX2700 versions 1.0.1.68 and earlier
NETGEAR WN3000RPv2 versions 1.0.0.90 and earlier
NETGEAR WN3000RPv3 versions 1.0.2.100 and earlier
NETGEAR LBR1020 versions 2.6.5.20 and earlier
NETGEAR LBR20 versions 2.6.5.32 and earlier
NETGEAR R6700AX versions 1.0.10.110 and earlier
NETGEAR R7800 versions 1.0.2.86 and earlier
NETGEAR R8900 versions 1.0.5.38 and earlier
NETGEAR R9000 versions 1.0.5.38 and earlier
NETGEAR RAX10 versions 1.0.10.110 and earlier
NETGEAR RAX120v1 versions 1.2.3.28 and earlier
NETGEAR RAX120v2 versions 1.2.3.28 and earlier
NETGEAR RAX70 versions 1.0.10.110 and earlier
NETGEAR RAX78 versions 1.0.10.110 and earlier
NETGEAR XR450 versions 2.3.2.130 and earlier
NETGEAR XR500 versions 2.3.2.130 and earlier
NETGEAR XR700 versions 1.0.1.46 and earlier
Description
The issue is a command injection that an authenticated user can trigger because input data is not sanitized. This can allow an attacker to execute arbitrary commands or gain unauthorized access to protected information by sending a specially crafted request to the UPnP port.
Recommendations
For NETGEAR D7800 versions 1.0.1.66 and earlier, update to version 1.0.1.66 or later.
For NETGEAR EX2700 versions 1.0.1.68 and earlier, update to version 1.0.1.68 or later.
For NETGEAR WN3000RPv2 versions 1.0.0.90 and earlier, update to version 1.0.0.90 or later.
For NETGEAR WN3000RPv3 versions 1.0.2.100 and earlier, update to version 1.0.2.100 or later.
For NETGEAR LBR1020 versions 2.6.5.20 and earlier, update to version 2.6.5.20 or later.
For NETGEAR LBR20 versions 2.6.5.32 and earlier, update to version 2.6.5.32 or later.
For NETGEAR R6700AX versions 1.0.10.110 and earlier, update to version 1.0.10.110 or later.
For NETGEAR R7800 versions 1.0.2.86 and earlier, update to version 1.0.2.86 or later.
For NETGEAR R8900 versions 1.0.5.38 and earlier, update to version 1.0.5.38 or later.
For NETGEAR R9000 versions 1.0.5.38 and earlier, update to version 1.0.5.38 or later.
For NETGEAR RAX10 versions 1.0.10.110 and earlier, update to version 1.0.10.110 or later.
For NETGEAR RAX120v1 versions 1.2.3.28 and earlier, update to version 1.2.3.28 or later.
For NETGEAR RAX120v2 versions 1.2.3.28 and earlier, update to version 1.2.3.28 or later.
For NETGEAR RAX70 versions 1.0.10.110 and earlier, update to version 1.0.10.110 or later.
For NETGEAR RAX78 versions 1.0.10.110 and earlier, update to version 1.0.10.110 or later.
For NETGEAR XR450 versions 2.3.2.130 and earlier, update to version 2.3.2.130 or later.
For NETGEAR XR500 versions 2.3.2.130 and earlier, update to version 2.3.2.130 or later.
For NETGEAR XR700 versions 1.0.1.46 and earlier, update to version 1.0.1.46 or later.
Fix
OS Command Injection
Command Injection
Related Identifiers
Affected Products
Netgear R7800
Netgear EX2700
Netgear LBR1020
Netgear RBR20
Netgear R6700
Netgear R8900
Netgear R9000
Netgear RAX10
Netgear RAX120v1
Netgear RAX120v2
Netgear RAX70
Netgear RAX78
Netgear WN3000RPv2
Netgear WN3000RPv3
Netgear XR450
Netgear XR500
Netgear XR700