fkie_cve-2021-45613
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, MR80 before 1.1.2.20, MS80 before 1.1.2.20, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7483E92A-5858-49B5-9499-E132941F5ACD", versionEndExcluding: "2.5.0.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:cbr750_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A87D3ACB-B5A3-4F1F-BF46-73C0AD690D8C", versionEndExcluding: "4.6.3.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:cbr750:-:*:*:*:*:*:*:*", matchCriteriaId: "CBD14EFC-C6EF-485B-A594-73B8525704A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7000v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C2D1C234-22F1-4837-9D04-059170A97072", versionEndExcluding: "1.0.0.74", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7000v2:-:*:*:*:*:*:*:*", matchCriteriaId: "6DC6BD34-1A2C-4247-A20C-0B44C0F56E0F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "48709EA4-81F3-4CF1-B9A8-5379309914B0", versionEndExcluding: "1.1.6.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*", matchCriteriaId: "491CEB8D-22F3-4F86-96F0-03C5C58BA295", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AE40C2D0-0863-4E0F-B3E7-6FD043B46467", versionEndExcluding: "1.0.6.116", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:mk62:-:*:*:*:*:*:*:*", matchCriteriaId: "69A79475-37BE-47BD-A629-DCEF22500B0B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EA438541-75AE-4D6B-AB56-02760D08D465", versionEndExcluding: "1.0.6.116", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*", matchCriteriaId: "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2234C485-F411-48CC-9A0B-AA49B6961E38", versionEndExcluding: "1.0.6.116", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*", matchCriteriaId: "F003F064-591C-4D7C-9EC4-D0E553BC6683", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2268D5EF-E7FA-4112-A468-507417E18FFF", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*", matchCriteriaId: "B624B4D3-BCF4-4F95-B401-A88BEC3145A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "31289572-2197-4A38-8353-CA4AAD491160", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*", matchCriteriaId: "7038703C-C79D-4DD4-8B16-E1A5FC6694C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6334DE4D-E78B-4582-9C6F-6123DA5192C7", versionEndExcluding: "1.0.4.120", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*", matchCriteriaId: "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "841D857C-3387-43E0-A3AF-0E81CBEE3E40", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35v2:-:*:*:*:*:*:*:*", matchCriteriaId: "9358B2F2-D24E-434D-AEE5-6CE093598793", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4FF0E5B9-8D2D-4A3F-881E-2E3122B3577C", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40v2:-:*:*:*:*:*:*:*", matchCriteriaId: "3CEAD12D-6D90-4CFB-9E59-2CEBD400C567", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8AC89EAA-344C-438E-A5A5-2C34CF699743", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*", matchCriteriaId: "178BB386-F66C-4CE8-9283-37D22B304691", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0706367A-3F60-4564-8689-E0A46DDC31C2", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*", matchCriteriaId: "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679C4EC5-D17E-469B-A28F-BF5E231CED3D", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*", matchCriteriaId: "C430976E-24C0-4EA7-BF54-F9C188AB9C01", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BDF9F3BA-4239-4F4D-A65E-A6752A5420F6", versionEndExcluding: "1.0.4.120", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*", matchCriteriaId: "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334BB384-5C29-4D24-9F82-B8EE8D0CA8BF", versionEndExcluding: "1.0.4.120", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*", matchCriteriaId: "06B5A85C-3588-4263-B9AD-4E56D3F6CB16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D8D90FF3-F5CE-43DF-ACF7-C64DBDCCA185", versionEndExcluding: "3.2.17.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*", matchCriteriaId: "A45832BD-114D-42F1-B9F1-7532496D30A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "845C1FCC-F54B-452A-B121-1CD1A7867027", versionEndExcluding: "3.2.17.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*", matchCriteriaId: "14F257FE-31CE-4F74-829D-29407D74ADF7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B6AE1767-9D9A-4E9E-B088-6727FACFDE5C", versionEndExcluding: "3.2.17.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*", matchCriteriaId: "C13F5C69-FA9B-472A-9036-0C2967BDCDE9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "01E0EF50-145F-407A-8915-4EFFCD833505", versionEndExcluding: "3.2.17.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*", matchCriteriaId: "D92E4C8E-222A-476C-8273-F7171FC61F0B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F614A1AB-F0C0-45D7-8D91-ECA3C1AA9165", versionEndExcluding: "3.2.17.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*", matchCriteriaId: "B529194C-C440-4BC3-850F-0613FC548F86", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0DC5A075-0619-409C-B057-41015B8C54B3", versionEndExcluding: "3.2.17.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*", matchCriteriaId: "221CA950-E984-44CD-9E1B-3AADE3CEBE52", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F615F516-29EF-4C15-9E18-C5D4F6291A38", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr1000:-:*:*:*:*:*:*:*", matchCriteriaId: "4FD4ED11-4130-47DA-8A9D-55B8F6E3E213", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:mr80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "29757651-068E-4646-AAD8-2CF8FD08B34C", versionEndExcluding: "1.1.2.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:mr80:-:*:*:*:*:*:*:*", matchCriteriaId: "2A086E76-3F23-4C21-AC96-F11372A8A186", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ms80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1582E16D-ACEE-4E33-9D52-9DD25C035EA8", versionEndExcluding: "1.1.2.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ms80:-:*:*:*:*:*:*:*", matchCriteriaId: "DE1A0669-790A-4EE7-A0DC-6E1023D6B4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, MR80 before 1.1.2.20, MS80 before 1.1.2.20, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un atacante no autenticado. Esto afecta a CBR40 versiones anteriores a 2.5.0.24, CBR750 versiones anteriores a 4.6.3.6, D7000v2 versiones anteriores a 1.0.0.74, LAX20 versiones anteriores a 1.1.6.28, MK62 versiones anteriores a 1.0.6.116, MR60 versiones anteriores a 1.0.6. 116, MS60 versiones anteriores a 1.0.6.116, MR80 versiones anteriores a 1.1.2.20, MS80 versiones anteriores a 1.1.2.20, RAX15 versiones anteriores a 1.0.3.96, RAX20 versiones anteriores a 1.0.3.96, RAX200 versiones anteriores a 1.0.4.120, RAX45 versiones anteriores a 1.0.3. 96, RAX50 versiones anteriores a 1.0.3.96, RAX43 versiones anteriores a 1.0.3.96, RAX40v2 versiones anteriores a 1.0.3.96, RAX35v2 versiones anteriores a 1.0.3.96, RAX75 versiones anteriores a 1.0.4.120, RAX80 versiones anteriores a 1.0.4.120, RBK752 versiones anteriores a 3. 2.17.12, RBR750 versiones anteriores a 3.2.17.12, RBS750 versiones anteriores a 3.2.17.12, RBK852 versiones anteriores a 3.2.17.12, RBR850 versiones anteriores a 3.2.17.12, RBS850 versiones anteriores a 3.2.17.12, y XR1000 versiones anteriores a 1.0.0.58", }, ], id: "CVE-2021-45613", lastModified: "2024-11-21T06:32:40.303", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 6, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-26T01:15:18.383", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064138/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0508", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064138/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0508", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.