CVE-2021-45544

Name of the Vulnerable Software and Affected Versions NETGEAR R7850 versions prior to 1.0.5.74 NETGEAR R7900P versions prior to 1.4.2.84 NETGEAR R7960P versions prior to 1.4.2.84 NETGEAR R8000 versions prior to 1.0.4.74 NETGEAR R8000P versions prior to 1.4.2.84 NETGEAR RAX200 versions prior to 1.0.4.120 NETGEAR RAX75 versions prior to 1.0.4.120 NETGEAR RAX80 versions prior to 1.0.4.120 NETGEAR RBK852 versions prior to 3.2.17.12 NETGEAR RBR850 versions prior to 3.2.17.12 NETGEAR RBS850 versions prior to 3.2.17.12

Description The issue is related to the lack of input data sanitization in the embedded software of certain NETGEAR devices, which can allow a remote attacker to execute arbitrary commands. This can be exploited by an authenticated user through command injection.

Recommendations For NETGEAR R7850 version prior to 1.0.5.74, update to version 1.0.5.74 or later. For NETGEAR R7900P version prior to 1.4.2.84, update to version 1.4.2.84 or later. For NETGEAR R7960P version prior to 1.4.2.84, update to version 1.4.2.84 or later. For NETGEAR R8000 version prior to 1.0.4.74, update to version 1.0.4.74 or later. For NETGEAR R8000P version prior to 1.4.2.84, update to version 1.4.2.84 or later. For NETGEAR RAX200 version prior to 1.0.4.120, update to version 1.0.4.120 or later. For NETGEAR RAX75 version prior to 1.0.4.120, update to version 1.0.4.120 or later. For NETGEAR RAX80 version prior to 1.0.4.120, update to version 1.0.4.120 or later. For NETGEAR RBK852 version prior to 3.2.17.12, update to version 3.2.17.12 or later. For NETGEAR RBR850 version prior to 3.2.17.12, update to version 3.2.17.12 or later. For NETGEAR RBS850 version prior to 3.2.17.12, update to version 3.2.17.12 or later.