PT-2021-6232 · NetGear · Netgear Gs728Tpv2+15

Published

2021-09-28

·

Updated

2022-01-10

·

CVE-2021-45557

CVSS v2.0

9.0

High

VectorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions NETGEAR GC108P versions prior to 1.0.8.2 NETGEAR GC108PP versions prior to 1.0.8.2 NETGEAR GS108Tv3 versions prior to 7.0.7.2 NETGEAR GS110TPv3 versions prior to 7.0.7.2 NETGEAR GS110TPP versions prior to 7.0.7.2 NETGEAR GS110TUP versions prior to 1.0.5.3 NETGEAR GS308T versions prior to 1.0.3.2 NETGEAR GS310TP versions prior to 1.0.3.2 NETGEAR GS710TUP versions prior to 1.0.5.3 NETGEAR GS716TP versions prior to 1.0.4.2 NETGEAR GS716TPP versions prior to 1.0.4.2 NETGEAR GS724TPP versions prior to 2.0.6.3 NETGEAR GS724TPv2 versions prior to 2.0.6.3 NETGEAR GS728TPPv2 versions prior to 6.0.8.2 NETGEAR GS728TPv2 versions prior to 6.0.8.2 NETGEAR GS752TPv2 versions prior to 6.0.8.2 NETGEAR GS752TPP versions prior to 6.0.8.2 NETGEAR GS750E versions prior to 1.0.1.10 NETGEAR MS510TXM versions prior to 1.0.4.2 NETGEAR MS510TXUP versions prior to 1.0.4.2
Description The issue is related to command injection by an authenticated user due to the lack of input data sanitization. This allows a remote attacker to execute arbitrary commands.
Recommendations For NETGEAR GC108P versions prior to 1.0.8.2, update to version 1.0.8.2 or later. For NETGEAR GC108PP versions prior to 1.0.8.2, update to version 1.0.8.2 or later. For NETGEAR GS108Tv3 versions prior to 7.0.7.2, update to version 7.0.7.2 or later. For NETGEAR GS110TPv3 versions prior to 7.0.7.2, update to version 7.0.7.2 or later. For NETGEAR GS110TPP versions prior to 7.0.7.2, update to version 7.0.7.2 or later. For NETGEAR GS110TUP versions prior to 1.0.5.3, update to version 1.0.5.3 or later. For NETGEAR GS308T versions prior to 1.0.3.2, update to version 1.0.3.2 or later. For NETGEAR GS310TP versions prior to 1.0.3.2, update to version 1.0.3.2 or later. For NETGEAR GS710TUP versions prior to 1.0.5.3, update to version 1.0.5.3 or later. For NETGEAR GS716TP versions prior to 1.0.4.2, update to version 1.0.4.2 or later. For NETGEAR GS716TPP versions prior to 1.0.4.2, update to version 1.0.4.2 or later. For NETGEAR GS724TPP versions prior to 2.0.6.3, update to version 2.0.6.3 or later. For NETGEAR GS724TPv2 versions prior to 2.0.6.3, update to version 2.0.6.3 or later. For NETGEAR GS728TPPv2 versions prior to 6.0.8.2, update to version 6.0.8.2 or later. For NETGEAR GS728TPv2 versions prior to 6.0.8.2, update to version 6.0.8.2 or later. For NETGEAR GS752TPv2 versions prior to 6.0.8.2, update to version 6.0.8.2 or later. For NETGEAR GS752TPP versions prior to 6.0.8.2, update to version 6.0.8.2 or later. For NETGEAR GS750E versions prior to 1.0.1.10, update to version 1.0.1.10 or later. For NETGEAR MS510TXM versions prior to 1.0.4.2, update to version 1.0.4.2 or later. For NETGEAR MS510TXUP versions prior to 1.0.4.2, update to version 1.0.4.2 or later.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2022-01157
CVE-2021-45557

Affected Products

Netgear Gc108P
Netgear Gs108Tv3
Netgear Gs110Tpp
Netgear Gs110Tpv3
Netgear Gs308T
Netgear Gs310Tp
Netgear Gs710Tup
Netgear Gs716Tp
Netgear Gs724Tpp
Netgear Gs724Tpv2
Netgear Gs728Tpv2
Netgear Gs750E
Netgear Gs752Tpp
Netgear Gs752Tpv2
Netgear Ms510Txm
Netgear Ms510Txup