CVE-2021-45540

Name of the Vulnerable Software and Affected Versions NETGEAR R7000 versions prior to 1.0.11.126 NETGEAR R7900 versions prior to 1.0.4.46 NETGEAR R7900P versions prior to 1.4.2.84 NETGEAR R7960P versions prior to 1.4.2.84 NETGEAR R8000 versions prior to 1.0.4.74 NETGEAR R8000P versions prior to 1.4.2.84 NETGEAR RAX200 versions prior to 1.0.3.106 NETGEAR MR60 versions prior to 1.0.6.110 NETGEAR RAX45 versions prior to 1.0.2.66 NETGEAR RAX80 versions prior to 1.0.3.106 NETGEAR MS60 versions prior to 1.0.6.110 NETGEAR RAX50 versions prior to 1.0.2.66 NETGEAR RAX75 versions prior to 1.0.3.106

Description The issue is related to the lack of input data sanitization in the embedded software of certain NETGEAR devices, which can be exploited by an authenticated user to inject commands. This allows a remote attacker to execute arbitrary commands.

Recommendations For NETGEAR R7000 version prior to 1.0.11.126, update to version 1.0.11.126 or later. For NETGEAR R7900 version prior to 1.0.4.46, update to version 1.0.4.46 or later. For NETGEAR R7900P version prior to 1.4.2.84, update to version 1.4.2.84 or later. For NETGEAR R7960P version prior to 1.4.2.84, update to version 1.4.2.84 or later. For NETGEAR R8000 version prior to 1.0.4.74, update to version 1.0.4.74 or later. For NETGEAR R8000P version prior to 1.4.2.84, update to version 1.4.2.84 or later. For NETGEAR RAX200 version prior to 1.0.3.106, update to version 1.0.3.106 or later. For NETGEAR MR60 version prior to 1.0.6.110, update to version 1.0.6.110 or later. For NETGEAR RAX45 version prior to 1.0.2.66, update to version 1.0.2.66 or later. For NETGEAR RAX80 version prior to 1.0.3.106, update to version 1.0.3.106 or later. For NETGEAR MS60 version prior to 1.0.6.110, update to version 1.0.6.110 or later. For NETGEAR RAX50 version prior to 1.0.2.66, update to version 1.0.2.66 or later. For NETGEAR RAX75 version prior to 1.0.3.106, update to version 1.0.3.106 or later.