Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-45596

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-26 Dec, 2021 | 00:39
Updated At-04 Aug, 2024 | 04:47
Rejected At-
Credits

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:26 Dec, 2021 | 00:39
Updated At:04 Aug, 2024 | 04:47
Rejected At:
▼CVE Numbering Authority (CNA)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
3.18.4HIGH
CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.netgear.com/000064140/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0516
x_refsource_MISC
Hyperlink: https://kb.netgear.com/000064140/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0516
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.netgear.com/000064140/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0516
x_refsource_MISC
x_transferred
Hyperlink: https://kb.netgear.com/000064140/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0516
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:26 Dec, 2021 | 01:15
Updated At:05 Jan, 2022 | 20:41

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.4HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
NETGEAR, Inc.
netgear
>>cbr750_firmware>>Versions before 4.6.3.6(exclusive)
cpe:2.3:o:netgear:cbr750_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>cbr750>>-
cpe:2.3:h:netgear:cbr750:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbk752_firmware>>Versions before 3.2.17.12(exclusive)
cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbk752>>-
cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbr750_firmware>>Versions before 3.2.17.12(exclusive)
cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbr750>>-
cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbs750_firmware>>Versions before 3.2.17.12(exclusive)
cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbs750>>-
cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbk852_firmware>>Versions before 3.2.17.12(exclusive)
cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbk852>>-
cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbr850_firmware>>Versions before 3.2.17.12(exclusive)
cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbr850>>-
cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbs850_firmware>>Versions before 3.2.17.12(exclusive)
cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbs850>>-
cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-77Primarynvd@nist.gov
CWE ID: CWE-77
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://kb.netgear.com/000064140/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0516cve@mitre.org
Patch
Vendor Advisory
Hyperlink: https://kb.netgear.com/000064140/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0516
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1068Records found
CVE-2021-45561
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 34.37%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:50
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45588
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 34.37%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:42
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-38518
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-1.45% / 80.90%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 00:02
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax200_firmwarerbs850rax80rax200rbs850_firmwarerax75_firmwarerax75rbr850rax80_firmwarerbk852_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-38521
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.38% / 59.56%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 00:02
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400 before 1.0.1.50, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX75 before 1.0.1.62, and RAX80 before 1.0.1.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax80r8000p_firmwarerax75_firmwarerax75r6400r6400_firmwarerax80_firmwarer7900pr8000pr7900p_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-38520
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.30% / 53.56%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 00:02
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400 before 1.0.1.52, R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, and R7000P before 1.3.2.124.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6900_firmwarer6700r6400r6400_firmwarer6700_firmwarer6900r7000pr7000p_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-29070
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.27% / 50.93%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 07:00
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbr850_firmwarerbk854_firmwarerbk853rbs850_firmwarerbr850rbk852rbk852_firmwarerbk853_firmwarerbk854n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-29069
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.08% / 23.60%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 07:00
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2000v5_firmwarewnr2000v5xr500_firmwarexr450xr500xr450_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-29072
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.27% / 50.93%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 06:59
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbr850_firmwarerbk854_firmwarerbk853rbs850_firmwarerbr850rbk852rbk852_firmwarerbk853_firmwarerbk854n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-12591
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.35% / 80.22%
||
7 Day CHG~0.00%
Published-03 Jun, 2019 | 12:35
Updated-04 Aug, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-insightn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-33533
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-6.52% / 91.18%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 00:00
Updated-08 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6220r6900_firmwared8500r6700d6220_firmwarer6700_firmwared8500_firmwarer6900n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-20659
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.29% / 52.12%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 18:48
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6900_firmwarer7900_firmwarer6700r6400r6400_firmwarer6700_firmwarer7900r6900n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-7407
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-6.41% / 91.11%
||
7 Day CHG+4.96%
Published-10 Jul, 2025 | 13:32
Updated-16 Jul, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear D6400 diag.cgi os command injection

A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument host_name leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early and confirmed the existence of the vulnerability. They reacted very quickly, professional and kind. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-d6400d6400_firmwareD6400
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-4122
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-1.75% / 82.69%
||
7 Day CHG~0.00%
Published-30 Apr, 2025 | 14:31
Updated-12 May, 2025 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear JWNR2000v2 sub_435E04 command injection

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub_435E04. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-jwnr2000v2_firmwarejwnr2000v2JWNR2000v2
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-35517
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-10.90% / 93.44%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 00:00
Updated-13 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-xr1000xr1000_firmwaren/axr1000
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-35518
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.27% / 50.26%
||
7 Day CHG~0.00%
Published-14 Oct, 2024 | 00:00
Updated-19 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-ex6120ex6120_firmwaren/aex6120
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-35520
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-5.36% / 90.14%
||
7 Day CHG~0.00%
Published-14 Oct, 2024 | 00:00
Updated-16 Oct, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000_firmwarer7000n/ar7000_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-35519
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.25% / 47.88%
||
7 Day CHG~0.00%
Published-14 Oct, 2024 | 00:00
Updated-17 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-ex6100_firmwareex6120ex6100ex6120_firmwareex3700ex3700_firmwaren/aex6100ex3700ex6120
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-35522
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.57% / 68.59%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 00:00
Updated-13 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-ex3700ex3700_firmwaren/aex3700_ac750
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45558
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 34.37%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:50
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45593
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.10% / 28.11%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:41
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.2.102, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBR50 before 2.7.2.102, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.2.102.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs40rbs40_firmwarerbk20rbr40_firmwarerbs20_firmwarerbs20rbr40rbr50_firmwarerbk40rbr20rbr50rbr20_firmwarerbk50rbk40_firmwarerbk50_firmwarerbk20_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45541
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-1.88% / 83.29%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:53
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7900 before 1.0.4.38, R7900P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax80rax75r8000r7900r8000prax50rbs850rax45ms60_firmwarerbr750r8000_firmwarer8000p_firmwarerax200r7900prax200_firmwarerbs750_firmwaremr60mr60_firmwarerbs850_firmwarerbr850rax80_firmwarerbr750_firmwarerbk752_firmwarer7900_firmwarerbk752rbs750rax75_firmwarerax50_firmwarerax45_firmwarerbk852_firmwarerbk852r7900p_firmwarems60rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45591
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.13% / 31.79%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:41
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45586
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.27% / 50.93%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:42
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45553
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.7||HIGH
EPSS-1.16% / 78.71%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:51
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7000 before 1.0.11.126, R6900P before 1.3.2.126, and R7000P before 1.3.2.126.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000_firmwarer7000p_firmwarer7000r6900pr7000pr6900p_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45595
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-0.21% / 42.37%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:41
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs40rbs50y_firmwarerbk12rbs40_firmwarerbk20rbr10_firmwarerbr10rbs10_firmwarerbr40_firmwarerbs20_firmwarerbs50_firmwarerbs20rbr40rbs50yrbs50rbr50_firmwarerbk40rbr20rbr50lbr20rbs10rbr20_firmwarerbk50rbk40_firmwarelbr20_firmwarerbk50_firmwarerbk20_firmwarerbk12_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45574
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.13% / 32.08%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:45
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45535
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.27% / 50.93%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:54
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.3.106, RAX80 before 1.0.3.106, RAX75 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax200_firmwarerax80rbs750_firmwarerbs850_firmwarerax75rbr850rax80_firmwarerbr750_firmwarerbs850rbk752rbr750rbs750rax200rax75_firmwarerbk852_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45584
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.46% / 64.13%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:43
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45578
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.46% / 64.13%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:44
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45555
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:51
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7900P before 1.4.2.84, R7960P before 1.4.2.84, and R8000P before 1.4.2.84.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7960pr8000p_firmwarer7960p_firmwarer7900pr8000pr7900p_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45600
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-2.20% / 84.53%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:39
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850cbr750rbs850_firmwarerbr850rbk852rbk852_firmwarecbr750_firmwarerbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45548
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.82% / 74.46%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:52
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.60, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.128, EX6400 before 1.0.2.144, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6420 before 1.0.0.128, EX7300 before 1.0.2.144, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.5.26, R9000 before 1.0.5.2, RAX120 before 1.0.1.128, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.80, WNR2000v5 before 1.0.0.74, XR500 before 2.3.2.66, RBK20 before 2.7.3.22, RBR20 before 2.7.3.22, RBS20 before 2.7.3.22, RBK40 before 2.7.3.22, RBR40 before 2.7.3.22, and RBS40 before 2.7.3.22.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wn3000rpv2rbk20ex6400_firmwareex6150v2_firmwareex7300_firmwarer8900_firmwarerbr40_firmwarerbs20_firmwared7800ex6150v2dm200_firmwarerbk20_firmwarerbk40ex7320_firmwareex6410ex6420_firmwarerbr20wn3000rpv3ex7300v2_firmwarewnr2000v5_firmwareex6250_firmwarexr500_firmwarer7500v2_firmwarerbk40_firmwarerax120ex6400v2_firmwarexr500ex7300ex6420ex7300v2rbs40d7800_firmwaredm200r8900ex6250r9000_firmwarewn3000rpv3_firmwarerbs40_firmwarewn3000rpv2_firmwareex6410_firmwarerbs20ex2700rbr40r9000ex6200v2_firmwareex6400v2r7500v2r7800rax120_firmwareex2700_firmwarerbr20_firmwareex7320r7800_firmwareex6400ex6200v2n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45545
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 34.37%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:53
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax200_firmwarerax80r7900p_firmwarerbr850_firmwarer7850_firmwarerbs850_firmwarer8000rax75rbr850rax80_firmwarer8000prbs850r7960pr8000p_firmwarer7960p_firmwarer7850rax200rax75_firmwarerbk852_firmwarerbk852r7900pr8000_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45598
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.98% / 76.84%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:39
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40rbs850cbr40_firmwarecbr750rbs850_firmwarerbr850rbk852_firmwarerbk852cbr750_firmwarerbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45560
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.46% / 64.13%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:50
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45559
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 34.37%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:50
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45569
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 34.37%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:46
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45585
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 34.37%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:42
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45566
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 34.37%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:48
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45570
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.13% / 32.08%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:46
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45579
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 34.37%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:43
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-44450
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-39.20% / 97.31%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:14
Updated-07 Feb, 2025 | 01:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability

NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the getNodesByTopologyMapSearch function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21858.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-prosafe_network_management_systemProSAFE Network Management Systemprosafe_network_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-41182
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.2||HIGH
EPSS-2.46% / 85.35%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-07 Feb, 2025 | 01:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR ProSAFE Network Management System ZipUtils Directory Traversal Remote Code Execution Vulnerability

NETGEAR ProSAFE Network Management System ZipUtils Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ZipUtils class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19716.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-prosafe_network_management_systemProSAFE Network Management Systemprosafe_network_management_system
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-38102
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.35% / 57.27%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:59
Updated-06 Feb, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability

NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the createUser function. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-19726.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-prosafe_network_management_systemProSAFE Network Management Systemprosafe_network_management_system
CWE ID-CWE-862
Missing Authorization
CVE-2023-38926
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.43% / 62.95%
||
7 Day CHG+0.09%
Published-07 Aug, 2023 | 00:00
Updated-11 Oct, 2024 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-ex6200ex6200_firmwaren/aex6200v1
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-38098
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-79.36% / 99.09%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:59
Updated-06 Feb, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability

NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19720.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-prosafe_network_management_systemProSAFE Network Management Systemprosafe_network_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-38095
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-19.09% / 95.38%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:58
Updated-06 Feb, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR ProSAFE Network Management System MFileUploadController Unrestricted File Upload Remote Code Execution Vulnerability

NETGEAR ProSAFE Network Management System MFileUploadController Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the MFileUploadController class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19717.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-prosafe_network_management_systemProSAFE Network Management Systemprosafe_network_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-38099
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.84% / 74.77%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:59
Updated-06 Feb, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability

NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getNodesByTopologyMapSearch function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19723.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-prosafe_network_management_systemProSAFE Network Management Systemprosafe_network_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48725
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-31.74% / 96.83%
||
7 Day CHG-0.02%
Published-07 Mar, 2024 | 14:59
Updated-04 Nov, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20170
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-0.16% / 36.38%
||
7 Day CHG~0.00%
Published-30 Dec, 2021 | 21:31
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password (RAX50w!a4udk). By unzipping the configuration using this password, a user can reconfigure settings not intended to be manipulated, re-zip the configuration, and restore a backup causing these settings to be changed.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax43_firmwarerax43Netgear RAX43
CWE ID-CWE-798
Use of Hard-coded Credentials
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 21
  • 22
  • Next
Details not found