CVE-2021-45624

CRITICAL WAF: High

CVSS 9.8 Published: 2021-12-26

CWE-77

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R7900 before 1.0.4.30, R8000 before 1.0.4.62, XR300 before 1.0.3.56, R7000P before 1.3.2.132, R8500 before 1.0.2.144, R6900P before 1.3.2.132, and R8300 before 1.0.2.144.

WAF Coverage Analysis

Command Injection High WAF Coverage

OWASP: A03:2021 Injection

932xxx - Remote Code Execution

Affected Software

Vendor	Product	Version
netgear	d7000v2_firmware	up to 1.0.0.66
netgear	d8500_firmware	up to 1.0.3.58
netgear	r7000_firmware	up to 1.0.11.110
netgear	r7100lg_firmware	up to 1.0.0.72
netgear	r7900_firmware	up to 1.0.4.30
netgear	r8000_firmware	up to 1.0.4.62
netgear	xr300_firmware	up to 1.0.3.56
netgear	r7000p_firmware	up to 1.3.2.132
netgear	r8500_firmware	up to 1.0.2.144
netgear	r6900p_firmware	up to 1.3.2.132

References

kb.netgear.com (Patch, Vendor Advisory)

Back to CVE Database