CVE-2021-45602: OS Command Injection in Netgear D7800 Firmware

Severity: 7.8 HIGH (NVD), 6.1 (CNA)
EPSS: 0.1% (top 73.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 26, latest update Dec 27

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR50

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (18 packages)

NVD: netgear/d7800_firmware < 1.0.1.66
NVD: netgear/lbr20_firmware < 2.6.5.32
NVD: netgear/r7800_firmware < 1.0.2.86
NVD: netgear/r8900_firmware < 1.0.5.38
NVD: netgear/r9000_firmware < 1.0.5.38

Patches

Vulnerability Details (2)

GHSA: GHSA-g3q6-9jxv-cjjg: Certain NETGEAR devices are affected by command injection by an authenticated user (2021-12-27)
CVEList: CVE-2021-45602: Certain NETGEAR devices are affected by command injection by an authenticated user (2021-12-26)