CVE-2021-45556

Published: Dec 26, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GS108Tv2 before 5.4.2.36, GS110TPP before 7.0.7.2, GS110TPv2 before 5.4.2.36., GS110TPv3 before 7.0.7.2, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

Affected (14)

Products: Netgear: Gs108tv2 Firmware, Gs110tpp Firmware, Gs110tpv2 Firmware, Gs308t Firmware, Gs110tpv3 Firmware, Gs310tp Firmware, Gs724tpp Firmware, Gs724tpv2 Firmware, Gs728tppv2 Firmware, Gs728tpv2 Firmware, Gs752tpp Firmware, Gs752tpv2 Firmware, Ms510txm Firmware, Ms510txup Firmware

14 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs108tv2 Firmware	Before 5.4.2.36

Running on/with	Platform Versions
Netgear Gs108tv2	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs110tpp Firmware	Before 7.0.7.2

Running on/with	Platform Versions
Netgear Gs110tpp	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs110tpv2 Firmware	Before 5.4.2.36

Running on/with	Platform Versions
Netgear Gs110tpv2	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs308t Firmware	Before 1.0.3.2

Running on/with	Platform Versions
Netgear Gs308t	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs110tpv3 Firmware	Before 7.0.7.2

Running on/with	Platform Versions
Netgear Gs110tpv3	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs310tp Firmware	Before 1.0.3.2

Running on/with	Platform Versions
Netgear Gs310tp	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs724tpp Firmware	Before 2.0.6.3

Running on/with	Platform Versions
Netgear Gs724tpp	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs724tpv2 Firmware	Before 2.0.6.3

Running on/with	Platform Versions
Netgear Gs724tpv2	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs728tppv2 Firmware	Before 6.0.8.2

Running on/with	Platform Versions
Netgear Gs728tppv2	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs728tpv2 Firmware	Before 6.0.8.2

Running on/with	Platform Versions
Netgear Gs728tpv2	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs752tpp Firmware	Before 6.0.8.2

Running on/with	Platform Versions
Netgear Gs752tpp	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs752tpv2 Firmware	Before 6.0.8.2

Running on/with	Platform Versions
Netgear Gs752tpv2	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ms510txm Firmware	Before 1.0.4.2

Running on/with	Platform Versions
Netgear Ms510txm	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ms510txup Firmware	Before 1.0.4.2

Running on/with	Platform Versions
Netgear Ms510txup	All versions

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

https://kb.netgear.com/000064534/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Smart-Managed-Pro-Switches-PSV-2021-0175

Source: cve@mitre.org

PatchVendor Advisory

https://kb.netgear.com/000064534/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Smart-Managed-Pro-Switches-PSV-2021-0175

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.