CVE-2021-45549Command Injection in Netgear Lax20 Firmware

CWE-77Command Injection3 documents3 sources
Severity
6.8MEDIUMNVD
CNA8.4
EPSS
0.2%
top 52.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
27
Netgear Lax20 FirmwareNetgear Mk62 FirmwareNetgear Mr60 Firmware+24 more
Timeline
PublishedDec 26
Latest updateDec 27

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.9

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages27 packages

NVDnetgear/r7000p_firmware< 1.3.3.140
NVDnetgear/r7900p_firmware< 1.4.2.84
NVDnetgear/r8000p_firmware< 1.4.2.84
NVDnetgear/rax200_firmware< 1.0.4.120
NVDnetgear/mk62_firmware< 1.1.6.122

🔴Vulnerability Details

2
GHSA
GHSA-m6m8-v67p-7g6q: Certain NETGEAR devices are affected by command injection by an authenticated user2021-12-27
CVEList
CVE-2021-45549: Certain NETGEAR devices are affected by command injection by an authenticated user2021-12-26
CVE-2021-45549 — Command Injection in Netgear | cvebase