PT-2021-6213 · NetGear · R6350+16

Kevin Breen

·

Published

2021-11-30

·

Updated

2022-01-07

·

CVE-2021-45534

CVSS v2.0

9.0

High

VectorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions NETGEAR AC2100 versions prior to 1.2.0.88 NETGEAR AC2400 versions prior to 1.2.0.88 NETGEAR AC2600 versions prior to 1.2.0.88 NETGEAR D7000 versions prior to 1.0.1.82 NETGEAR R6220 versions prior to 1.1.0.110 NETGEAR R6230 versions prior to 1.1.0.110 NETGEAR R6260 versions prior to 1.1.0.84 NETGEAR R6330 versions prior to 1.1.0.84 NETGEAR R6350 versions prior to 1.1.0.84 NETGEAR R6700v2 versions prior to 1.2.0.88 NETGEAR R6800 versions prior to 1.2.0.88 NETGEAR R6850 versions prior to 1.1.0.84 NETGEAR R6900v2 versions prior to 1.2.0.88 NETGEAR R7200 versions prior to 1.2.0.88 NETGEAR R7350 versions prior to 1.2.0.88 NETGEAR R7400 versions prior to 1.2.0.88 NETGEAR R7450 versions prior to 1.2.0.88
Description The issue is related to command injection by an authenticated user due to the lack of input data sanitization. This allows a remote attacker to execute arbitrary commands.
Recommendations For NETGEAR AC2100 versions prior to 1.2.0.88, update to version 1.2.0.88 or later. For NETGEAR AC2400 versions prior to 1.2.0.88, update to version 1.2.0.88 or later. For NETGEAR AC2600 versions prior to 1.2.0.88, update to version 1.2.0.88 or later. For NETGEAR D7000 versions prior to 1.0.1.82, update to version 1.0.1.82 or later. For NETGEAR R6220 versions prior to 1.1.0.110, update to version 1.1.0.110 or later. For NETGEAR R6230 versions prior to 1.1.0.110, update to version 1.1.0.110 or later. For NETGEAR R6260 versions prior to 1.1.0.84, update to version 1.1.0.84 or later. For NETGEAR R6330 versions prior to 1.1.0.84, update to version 1.1.0.84 or later. For NETGEAR R6350 versions prior to 1.1.0.84, update to version 1.1.0.84 or later. For NETGEAR R6700v2 versions prior to 1.2.0.88, update to version 1.2.0.88 or later. For NETGEAR R6800 versions prior to 1.2.0.88, update to version 1.2.0.88 or later. For NETGEAR R6850 versions prior to 1.1.0.84, update to version 1.1.0.84 or later. For NETGEAR R6900v2 versions prior to 1.2.0.88, update to version 1.2.0.88 or later. For NETGEAR R7200 versions prior to 1.2.0.88, update to version 1.2.0.88 or later. For NETGEAR R7350 versions prior to 1.2.0.88, update to version 1.2.0.88 or later. For NETGEAR R7400 versions prior to 1.2.0.88, update to version 1.2.0.88 or later. For NETGEAR R7450 versions prior to 1.2.0.88, update to version 1.2.0.88 or later.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2022-01129
CVE-2021-45534

Affected Products

Ac2100
Ac2400
Ac2600
D7000
R6220
R6230
R6260
R6330
R6350
R6700V2
R6800
R6850
R6900V2
R7200
R7350
R7400
R7450