Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-11106

Summary
Assigner-netgear
Assigner Org ID-a2826606-91e7-4eb6-899e-8484bd4575d5
Published At-01 Apr, 2020 | 16:31
Updated At-05 Aug, 2024 | 07:54
Rejected At-
Credits

NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:netgear
Assigner Org ID:a2826606-91e7-4eb6-899e-8484bd4575d5
Published At:01 Apr, 2020 | 16:31
Updated At:05 Aug, 2024 | 07:54
Rejected At:
▼CVE Numbering Authority (CNA)

NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5.

Affected Products
Vendor
NETGEAR, Inc.NETGEAR
Product
WC7500
Versions
Affected
  • firmware versions prior to 6.5.3.5
Vendor
NETGEAR, Inc.NETGEAR
Product
WC7520
Versions
Affected
  • firmware versions prior to 2.5.0.46
Vendor
NETGEAR, Inc.NETGEAR
Product
WC7600v1
Versions
Affected
  • firmware versions prior to 6.5.3.5
Vendor
NETGEAR, Inc.NETGEAR
Product
WC7600v2
Versions
Affected
  • firmware versions prior to 6.5.3.5
Vendor
NETGEAR, Inc.NETGEAR
Product
WC9500
Versions
Affected
  • firmware versions prior to 6.5.3.5
Problem Types
TypeCWE IDDescription
textN/AOther
Type: text
CWE ID: N/A
Description: Other
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051
x_refsource_CONFIRM
Hyperlink: https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051
x_refsource_CONFIRM
x_transferred
Hyperlink: https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:a2826606-91e7-4eb6-899e-8484bd4575d5
Published At:01 Apr, 2020 | 17:15
Updated At:07 Nov, 2023 | 02:51

NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
NETGEAR, Inc.
netgear
>>wc7500_firmware>>Versions before 6.5.3.5(exclusive)
cpe:2.3:o:netgear:wc7500_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wc7500>>-
cpe:2.3:h:netgear:wc7500:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wc7520_firmware>>Versions before 2.5.0.46(exclusive)
cpe:2.3:o:netgear:wc7520_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wc7520>>-
cpe:2.3:h:netgear:wc7520:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wc7600v1_firmware>>Versions before 6.5.3.5(exclusive)
cpe:2.3:o:netgear:wc7600v1_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wc7600v1>>-
cpe:2.3:h:netgear:wc7600v1:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wc7600v2_firmware>>Versions before 6.5.3.5(exclusive)
cpe:2.3:o:netgear:wc7600v2_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wc7600v2>>-
cpe:2.3:h:netgear:wc7600v2:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wc9500_firmware>>Versions before 6.5.3.5(exclusive)
cpe:2.3:o:netgear:wc9500_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wc9500>>-
cpe:2.3:h:netgear:wc9500:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-77Primarynvd@nist.gov
CWE ID: CWE-77
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
Hyperlink: https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1117Records found
CVE-2021-45513
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.24% / 47.51%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 01:01
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-xr1000_firmwarexr1000n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45631
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.90% / 74.67%
||
7 Day CHG+0.18%
Published-26 Dec, 2021 | 00:32
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40_firmwarerbs750_firmwarecbr750rbs850_firmwarerbr850rbr750_firmwarecbr750_firmwarecbr40rbs850rbk752_firmwarerbk752rbr750rbs750rbk852_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45533
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:55
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects EX6120 before 1.0.0.66, EX6130 before 1.0.0.46, EX7000 before 1.0.1.106, EX7500 before 1.0.1.76, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, RBR850 before 4.6.3.9, RBS850 before 4.6.3.9, and RBK852 before 4.6.3.9.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-ex7500ex6130_firmwarerbs850_firmwarerbr850ex3800_firmwareex7000ex3700ex7500_firmwarerbs850ex3800ex3700_firmwareex7000_firmwareex6120rbk852_firmwarerbk852ex6130ex6120_firmwarerbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45551
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-0.78% / 72.77%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:51
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.64, R6800 before 1.2.0.62, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, AC2600 before 1.2.0.62, and WNR2020 before 1.1.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6700v2_firmwarewnr2020_firmwarer6120r7450_firmwarewnr2020r6220_firmwareac2600r6080_firmwareac2400r6900v2r6120_firmwarer6800r6900v2_firmwarer6050r6260_firmwarer6260r6220r6020ac2400_firmwarer6020_firmwared7000r6080d7000_firmwarer6230r6230_firmwareac2100_firmwared6200_firmwarer6050_firmwarer6700v2ac2100r7450d6200jr6150_firmwarejr6150r6800_firmwareac2600_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45570
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.08% / 23.82%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:46
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45566
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 35.42%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:48
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45596
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.54% / 66.56%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:39
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750cbr750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852cbr750_firmwarerbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45600
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-2.27% / 84.00%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:39
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850cbr750rbs850_firmwarerbr850rbk852rbk852_firmwarecbr750_firmwarerbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45583
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 35.42%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:43
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45542
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.11% / 29.47%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:53
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax200_firmwarerbs850rax80rax200rbs850_firmwarerax75_firmwarerax75rbr850rax80_firmwarerbk852_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45550
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.08% / 24.52%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:51
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.78, D6100 before 1.0.0.63, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DGN2200Bv4 before 1.0.0.109, DGN2200v4 before 1.0.0.110, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7100LG before 1.0.0.50, R7300 before 1.0.0.70, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, WNDR3400v3 before 1.0.1.24, WNR3500Lv2 before 1.2.0.62, and XR500 before 2.3.2.56.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7300d6000_firmwarer7300_firmwarer8000r6400_firmwared7800r6900pr7100lgr7900r8000pr6900p_firmwarewndr3400d3600_firmwared6220r7100lg_firmwarer8300r8500_firmwaredgn2200r7000_firmwared6100_firmwarer8000p_firmwared6400_firmwared3600xr500_firmwared6220_firmwarer6300_firmwared8500_firmwaredgn2200b_firmwarer6250_firmwarer7900pxr500r7000p_firmwared7800_firmwarer8500d8500wndr3400_firmwaredgn2200br6700r8300_firmwarer7000wnr3500l_firmwared6000r6900d6400r7000pwnr3500ldgn2200_firmwarer6900_firmwarer7900_firmwared6100r6300r6400r6700_firmwarer7900p_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45568
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.21% / 43.42%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:47
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45628
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.76% / 72.34%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:33
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBS40V before 2.6.2.4, and RBW30 before 2.6.2.2.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs40v_firmwarerbs40vcbr40_firmwarerbw30_firmwarerbs750_firmwarecbr750rbs850_firmwarerbr850rbr750_firmwarecbr750_firmwarerbw30cbr40rbs850rbk752_firmwarerbk752rbr750rbs750rbk852_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45538
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.46% / 63.13%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:54
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax80rbs750_firmwarerbs850_firmwarerax75rbr850rax80_firmwarerbr750_firmwarerbs850rbk752_firmwarerbk752rbr750rbs750rax75_firmwarerbk852_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45544
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.54% / 66.56%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:53
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax200_firmwarerax80r7900p_firmwarerbr850_firmwarer7850_firmwarerbs850_firmwarer8000rax75rbr850rax80_firmwarer8000prbs850r7960pr8000p_firmwarer7960p_firmwarer7850rax200rax75_firmwarerbk852_firmwarerbk852r7900pr8000_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45536
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.16% / 37.86%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:54
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax80rbs750_firmwarerbs850_firmwarerax75rbr850rax80_firmwarerbr750_firmwarerbs850rbk752_firmwarerbk752rbr750rbs750rax75_firmwarerbk852_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45532
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.14% / 35.49%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:57
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR R8000 devices before 1.0.4.76 are affected by command injection by an authenticated user.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8000r8000_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45575
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 35.42%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:44
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45587
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.20% / 42.71%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:42
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45615
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.50% / 64.80%
||
7 Day CHG+0.32%
Published-26 Dec, 2021 | 00:36
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500cbr40_firmwarerbr850_firmwarerbs750_firmwarecbr750r8300_firmwarerbs850_firmwarerbr850rbr750_firmwarecbr750_firmwarer8000pcbr40r8300r8500_firmwarer7960prbs850rbk752_firmwarerbk752rbr750r8000p_firmwarerbs750r7960p_firmwarerbk852_firmwarerbk852r7900pr7900p_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45563
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.11% / 30.31%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:48
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45592
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 35.42%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:41
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45514
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.41% / 60.42%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 01:00
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-xr1000_firmwarexr1000n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45552
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.89% / 74.66%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:51
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.58, R7500v2 before 1.0.3.48, R7800 before 1.0.2.68, R8900 before 1.0.5.2, R9000 before 1.0.5.2, RAX120 before 1.0.1.108, and XR700 before 1.0.1.20.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7500v2d7800_firmwarer7800r8900r9000_firmwarerax120_firmwarer8900_firmwarer7800_firmwarer7500v2_firmwared7800xr700_firmwarerax120r9000xr700n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45554
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:51
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400 before 1.0.1.74, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R7000 before 1.0.11.126, R6900P before 1.3.3.140, R7000P before 1.3.3.140, and R8000 before 1.0.4.74.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6400v2_firmwarer7000_firmwarer6900pr7000p_firmwarer6700v3r6400v2r6700v3_firmwarer8000r6400r6400_firmwarer7000r7000pr8000_firmwarer6900p_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45591
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.07% / 21.33%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:41
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45582
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 35.42%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:43
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45539
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:54
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.28, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.28, and RAX75 before 1.0.3.106.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax80mr60rax15mr60_firmwarer8000rax75r7900prax80_firmwarer8000prax50r7960prax45ms60_firmwarer8000_firmwarer8000p_firmwarer7960p_firmwarerax15_firmwarerax20rax75_firmwarerax50_firmwarerax45_firmwarerax20_firmwarems60r7900p_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45553
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.7||HIGH
EPSS-1.57% / 80.79%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:51
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7000 before 1.0.11.126, R6900P before 1.3.2.126, and R7000P before 1.3.2.126.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000_firmwarer7000p_firmwarer7000r6900pr7000pr6900p_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45579
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 35.42%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:43
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45601
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.54% / 66.56%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:38
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40rbs850cbr40_firmwarecbr750rbs850_firmwarerbr850rbk852_firmwarerbk852cbr750_firmwarerbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45597
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.63% / 69.47%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:39
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40rbs850cbr40_firmwarecbr750rbs850_firmwarerbr850rbk852_firmwarerbk852cbr750_firmwarerbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45540
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:54
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7000 before 1.0.11.126, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX45 before 1.0.2.66, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX50 before 1.0.2.66, and RAX75 before 1.0.3.106.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax200_firmwarerax80mr60mr60_firmwarer8000rax75rax80_firmwarer7000r7900r8000prax50r7960prax45ms60_firmwarer7900_firmwarer7000_firmwarer8000_firmwarer8000p_firmwarer7960p_firmwarerax200rax75_firmwarerax50_firmwarerax45_firmwarer7900pms60r7900p_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45594
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.18% / 40.42%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:41
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBS50Y before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs40rbs50y_firmwarerbs40_firmwarerbk20rbr40_firmwarerbs20_firmwarerbs50_firmwarerbs20rbr40rbs50rbs50yrbr50_firmwarerbk40rbr20rbr50rbr20_firmwarerbk50rbk40_firmwarerbk50_firmwarerbk20_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45626
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.51% / 65.57%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:34
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK20 before 2.6.1.36, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, and RBS50Y before 2.6.1.40.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs40rbs50y_firmwarerbs40_firmwarerbk20rbr40_firmwarerbs20_firmwarerbs50_firmwarerbs20rbr40rbs50rbs50yrbr50_firmwarerbk40rbr20rbr50rbr20_firmwarerbk50rbk40_firmwarerbk50_firmwarerbk20_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45629
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.56% / 67.11%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:33
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750cbr750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852cbr750_firmwarerbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45546
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.54% / 66.56%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:52
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax200_firmwarerax80r7900p_firmwarerbs750_firmwarer7850_firmwarerbr850_firmwarerbs850_firmwarer8000rax75rbr850rax80_firmwarerbr750_firmwarer8000prbs850rbk752_firmwarer7960prbk752rbr750r8000p_firmwarerbs750r7960p_firmwarer7850rax200rax75_firmwarerbk852_firmwarerbk852r7900pr8000_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45577
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 34.51%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:44
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45578
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.46% / 63.13%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:44
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45633
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.51% / 65.57%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:32
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, and RBK852 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750cbr750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852cbr750_firmwarerbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45635
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.76% / 72.34%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:32
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750cbr750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852cbr750_firmwarerbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-27867
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 33.67%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 23:35
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6850_firmwarer6120r7450_firmwarer6220_firmwareac2600ac2400r6080_firmwarer7200_firmwarer6120_firmwarer6800r6260_firmwarer6260r6220r6020r6330_firmwareac2400_firmwarer7350_firmwarer7400_firmwarer6020_firmwarer7200r6350_firmwarer6080r6230r6700r6330r6800_firmwarer6230_firmwareac2100_firmwarer6900r6900_firmwarer7400ac2100r7450r6350r6850r6700_firmwarer7350ac2600_firmwareMultiple Routers
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-26914
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.38% / 58.75%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:30
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6700v2_firmwared7000wnr2020_firmwarer6120r6080r7450_firmwarewnr2020d7000_firmwarer6220_firmwarer6080_firmwarer6900v2r6120_firmwared6200_firmwarer6800r6900v2_firmwarer6050_firmwarer6700v2r6050r7450r6260_firmwarer6260r6220r6020jr6150_firmwared6200jr6150r6020_firmwarer6800_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-26902
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.77% / 81.90%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:33
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-26910
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.52% / 65.88%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:31
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40rbs850rbk752_firmwarecbr40_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-26922
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.21% / 43.67%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:28
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wc7500_firmwarewc7600v2wc7600v2_firmwarewc9500wc7500wc7600_firmwarewc9500_firmwarewc7600n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-26920
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.54% / 80.61%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:28
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.3.110, SRR60 before 2.5.3.110, and SRS60 before 2.5.3.110.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-srk60_firmwaresrr60srs60_firmwaresrk60srs60srr60_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-26909
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.36% / 57.13%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:31
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.58 and R7500v2 before 1.0.3.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer7500v2r7500v2_firmwared7800n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-26929
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.48% / 64.00%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:26
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.100 and R6230 before 1.1.0.100.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6230_firmwarer6220_firmwarer6220r6230n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45574
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.08% / 23.82%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:45
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 22
  • 23
  • Next
Details not found