CVE-2021-45614 - OpenCVE

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netgear	D7000v2 D7000v2 Firmware Lax20 Lax20 Firmware Mk62 Mk62 Firmware Mr60 Mr60 Firmware Ms60 Ms60 Firmware Rax15 Rax15 Firmware Rax20 Rax200 Rax200 Firmware Rax20 Firmware Rax35v2 Rax35v2 Firmware Rax40v2 Rax40v2 Firmware Rax43 Rax43 Firmware Rax45 Rax45 Firmware Rax50 Rax50 Firmware Rax75 Rax75 Firmware Rax80 Rax80 Firmware Rbk752 Rbk752 Firmware Rbk852 Rbk852 Firmware Rbr750 Rbr750 Firmware Rbr850 Rbr850 Firmware Rbs750 Rbs750 Firmware Rbs850 Rbs850 Firmware Xr1000 Xr1000 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:netgear:d7000v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d7000v2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:mk62:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:netgear:rax40v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax40v2:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:netgear:rax35v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax35v2:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:netgear:xr1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:xr1000:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://kb.netgear.com/000064141/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0520

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-26T00:36:20

Updated: 2024-08-04T04:47:02.115Z

Reserved: 2021-12-25T00:00:00

Link: CVE-2021-45614

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-12-26T01:15:18.427

Modified: 2022-01-10T16:16:06.890

Link: CVE-2021-45614

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object