CVE-2021-45614

CWE-77 — Command Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.9%

top 24.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear D7000v2 Firmware Netgear Lax20 Firmware Netgear Mk62 Firmware +19 more

Timeline

PublishedDec 26

Latest updateDec 27

Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages22 packages

▶NVDnetgear/rax200_firmware< 1.0.4.120

▶NVDnetgear/mk62_firmware< 1.0.6.116

▶NVDnetgear/mr60_firmware< 1.0.6.116

▶NVDnetgear/ms60_firmware< 1.0.6.116

▶NVDnetgear/lax20_firmware< 1.1.6.28

🔴Vulnerability Details

GHSA

GHSA-3fm5-j2pv-wjf2: Certain NETGEAR devices are affected by command injection by an unauthenticated attacker↗2021-12-27

▶

CVEList

CVE-2021-45614: Certain NETGEAR devices are affected by command injection by an unauthenticated attacker↗2021-12-26

▶