CVE-2021-45595 — Command Injection in Netgear Lbr20 Firmware

CWE-77 — Command Injection3 documents3 sources

Severity

8.8HIGHNVD

CNA7.6

EPSS

0.2%

top 57.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Lbr20 Firmware Netgear Rbk12 Firmware Netgear Rbk20 Firmware +11 more

Timeline

PublishedDec 26

Latest updateDec 27

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages14 packages

▶NVDnetgear/rbs50y_firmware< 2.7.3.22

▶NVDnetgear/lbr20_firmware< 2.6.3.50

▶NVDnetgear/rbk12_firmware< 2.7.3.22

▶NVDnetgear/rbk20_firmware< 2.7.3.22

▶NVDnetgear/rbk40_firmware< 2.7.3.22

🔴Vulnerability Details

GHSA

GHSA-r5jx-cqpf-rwcx: Certain NETGEAR devices are affected by command injection by an authenticated user↗2021-12-27

▶

CVEList

CVE-2021-45595: Certain NETGEAR devices are affected by command injection by an authenticated user↗2021-12-26

▶