← Back

CVE-2021-45551

nvd nist
Published: Dec 26, 2021Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.64, R6800 before 1.2.0.62, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, AC2600 before 1.2.0.62, and WNR2020 before 1.1.0.62.

Affected (18)

Netgear
18 products
D6200 Firmware
D7000 Firmware
R6020 Firmware
R6080 Firmware
R6050 Firmware
Jr6150 Firmware
R6120 Firmware
R6220 Firmware
R6230 Firmware
R6260 Firmware
R6800 Firmware
R6700v2 Firmware
R6900v2 Firmware
R7450 Firmware
Ac2100 Firmware
Ac2400 Firmware
Ac2600 Firmware
Wnr2020 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
D6200 Firmware
Before 1.1.00.40
Running on/withPlatform Versions
Netgear
D6200
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
D7000 Firmware
Before 1.0.1.78
Running on/withPlatform Versions
Netgear
D7000
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6020 Firmware
Before 1.0.0.42
Running on/withPlatform Versions
Netgear
R6020
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6080 Firmware
Before 1.0.0.42
Running on/withPlatform Versions
Netgear
R6080
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6050 Firmware
Before 1.0.1.26
Running on/withPlatform Versions
Netgear
R6050
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jr6150 Firmware
Before 1.0.1.26
Running on/withPlatform Versions
Netgear
Jr6150
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6120 Firmware
Before 1.0.0.66
Running on/withPlatform Versions
Netgear
R6120
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6220 Firmware
Before 1.1.0.110
Running on/withPlatform Versions
Netgear
R6220
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6230 Firmware
Before 1.1.0.110
Running on/withPlatform Versions
Netgear
R6230
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6260 Firmware
Before 1.1.0.64
Running on/withPlatform Versions
Netgear
R6260
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6800 Firmware
Before 1.2.0.62
Running on/withPlatform Versions
Netgear
R6800
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6700v2 Firmware
Before 1.2.0.62
Running on/withPlatform Versions
Netgear
R6700v2
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6900v2 Firmware
Before 1.2.0.62
Running on/withPlatform Versions
Netgear
R6900v2
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R7450 Firmware
Before 1.2.0.62
Running on/withPlatform Versions
Netgear
R7450
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ac2100 Firmware
Before 1.2.0.62
Running on/withPlatform Versions
Netgear
Ac2100
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ac2400 Firmware
Before 1.2.0.62
Running on/withPlatform Versions
Netgear
Ac2400
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ac2600 Firmware
Before 1.2.0.62
Running on/withPlatform Versions
Netgear
Ac2600
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wnr2020 Firmware
Before 1.1.0.62
Running on/withPlatform Versions
Netgear
Wnr2020
All versions

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

Source: cve@mitre.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.