PT-2021-6245 · NetGear · Netgear Rbr850+11
Published
2021-12-22
·
Updated
2022-01-06
·
CVE-2021-45546
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
NETGEAR R7850 versions 1.0.5.74 and earlier
NETGEAR R7900P versions 1.4.2.84 and earlier
NETGEAR R7960P versions 1.4.2.84 and earlier
NETGEAR R8000 versions 1.0.4.74 and earlier
NETGEAR R8000P versions 1.4.2.84 and earlier
NETGEAR RAX200 versions 1.0.4.120 and earlier
NETGEAR RAX75 versions 1.0.4.120 and earlier
NETGEAR RAX80 versions 1.0.4.120 and earlier
NETGEAR RBK752 versions 3.2.17.12 and earlier
NETGEAR RBK852 versions 3.2.17.12 and earlier
NETGEAR RBR750 versions 3.2.17.12 and earlier
NETGEAR RBR850 versions 3.2.17.12 and earlier
NETGEAR RBS750 versions 3.2.17.12 and earlier
NETGEAR RBS850 versions 3.2.17.12 and earlier
Description
The issue is related to command injection by an authenticated user due to the lack of input data sanitization. This allows a remote attacker to execute arbitrary commands.
Recommendations
For NETGEAR R7850 version 1.0.5.74 and earlier, update to version 1.0.5.74 or later.
For NETGEAR R7900P version 1.4.2.84 and earlier, update to version 1.4.2.84 or later.
For NETGEAR R7960P version 1.4.2.84 and earlier, update to version 1.4.2.84 or later.
For NETGEAR R8000 version 1.0.4.74 and earlier, update to version 1.0.4.74 or later.
For NETGEAR R8000P version 1.4.2.84 and earlier, update to version 1.4.2.84 or later.
For NETGEAR RAX200 version 1.0.4.120 and earlier, update to version 1.0.4.120 or later.
For NETGEAR RAX75 version 1.0.4.120 and earlier, update to version 1.0.4.120 or later.
For NETGEAR RAX80 version 1.0.4.120 and earlier, update to version 1.0.4.120 or later.
For NETGEAR RBK752 version 3.2.17.12 and earlier, update to version 3.2.17.12 or later.
For NETGEAR RBK852 version 3.2.17.12 and earlier, update to version 3.2.17.12 or later.
For NETGEAR RBR750 version 3.2.17.12 and earlier, update to version 3.2.17.12 or later.
For NETGEAR RBR850 version 3.2.17.12 and earlier, update to version 3.2.17.12 or later.
For NETGEAR RBS750 version 3.2.17.12 and earlier, update to version 3.2.17.12 or later.
For NETGEAR RBS850 version 3.2.17.12 and earlier, update to version 3.2.17.12 or later.
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netgear R7850
Netgear R7900
Netgear R7960P
Netgear R8000
Netgear Rax200
Netgear Rax75
Netgear Rax80
Netgear Rbk752
Netgear Rbk852
Netgear Rbr750
Netgear Rbr850
Netgear Rbs750