CVE-2021-45557

Published: Dec 26, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TUP before 1.0.5.3, GS710TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS724TPP before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS750E before 1.0.1.10, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

Affected (20)

Products: Netgear: Gc108p Firmware, Gc108pp Firmware, Gs108tv3 Firmware, Gs110tpv3 Firmware, Gs110tpp Firmware, Gs110tup Firmware, Gs308t Firmware, Gs310tp Firmware, Gs710tup Firmware, Gs716tp Firmware, Gs716tpp Firmware, Gs724tpv2 Firmware, Gs724tpp Firmware, Gs728tppv2 Firmware, Gs728tpv2 Firmware, Gs752tpv2 Firmware, Gs752tpp Firmware, Gs750e Firmware, Ms510txm Firmware, Ms510txup Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gc108p Firmware	Before 1.0.8.2

Running on/with	Platform Versions
Netgear Gc108p	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gc108pp Firmware	Before 1.0.8.2

Running on/with	Platform Versions
Netgear Gc108pp	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs108tv3 Firmware	Before 7.0.7.2

Running on/with	Platform Versions
Netgear Gs108tv3	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs110tpv3 Firmware	Before 7.0.7.2

Running on/with	Platform Versions
Netgear Gs110tpv3	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs110tpp Firmware	Before 7.0.7.2

Running on/with	Platform Versions
Netgear Gs110tpp	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs110tup Firmware	Before 1.0.5.3

Running on/with	Platform Versions
Netgear Gs110tup	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs308t Firmware	Before 1.0.3.2

Running on/with	Platform Versions
Netgear Gs308t	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs310tp Firmware	Before 1.0.3.2

Running on/with	Platform Versions
Netgear Gs310tp	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs710tup Firmware	Before 1.0.5.3

Running on/with	Platform Versions
Netgear Gs710tup	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs716tp Firmware	Before 1.0.4.2

Running on/with	Platform Versions
Netgear Gs716tp	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs716tpp Firmware	Before 1.0.4.2

Running on/with	Platform Versions
Netgear Gs716tpp	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs724tpv2 Firmware	Before 2.0.6.3

Running on/with	Platform Versions
Netgear Gs724tpv2	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs724tpp Firmware	Before 2.0.6.3

Running on/with	Platform Versions
Netgear Gs724tpp	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs728tppv2 Firmware	Before 6.0.8.2

Running on/with	Platform Versions
Netgear Gs728tppv2	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs728tpv2 Firmware	Before 6.0.8.2

Running on/with	Platform Versions
Netgear Gs728tpv2	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs752tpv2 Firmware	Before 6.0.8.2

Running on/with	Platform Versions
Netgear Gs752tpv2	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs752tpp Firmware	Before 6.0.8.2

Running on/with	Platform Versions
Netgear Gs752tpp	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs750e Firmware	Before 1.0.1.10

Running on/with	Platform Versions
Netgear Gs750e	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ms510txm Firmware	Before 1.0.4.2

Running on/with	Platform Versions
Netgear Ms510txm	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ms510txup Firmware	Before 1.0.4.2

Running on/with	Platform Versions
Netgear Ms510txup	All versions

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

https://kb.netgear.com/000064164/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Switches-PSV-2021-0167

Source: cve@mitre.org

PatchVendor Advisory

https://kb.netgear.com/000064164/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Switches-PSV-2021-0167

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.