CyberSec.Space Logo
Back to CVE Browser

CVE-2021-45630

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0020%
EPSS Percentile22.46th
PublishedDec 26, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Affected Platforms (CPE)

πŸ’»
Netgear

Cbr40 Firmware

< 2.5.0.24
πŸ’»
Netgear

Cbr750 Firmware

< 4.6.3.6
πŸ’»
Netgear

Rbk752 Firmware

< 3.2.17.12
πŸ’»
Netgear

Rbr750 Firmware

< 3.2.17.12
πŸ’»
Netgear

Rbs750 Firmware

< 3.2.17.12
πŸ’»
Netgear

Rbk852 Firmware

< 3.2.17.12
πŸ’»
Netgear

Rbr850 Firmware

< 3.2.17.12
πŸ’»
Netgear

Rbs850 Firmware

< 3.2.17.12

References & Advisories

πŸ”— https://kb.netgear.com/000064135/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0498
πŸ”— https://kb.netgear.com/000064135/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0498

Related Vulnerabilities

CVE-2021-2744710.0

Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker to remotely execute arbitrary co...

CVE-2021-4445310.0

mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attack...

CVE-2021-4085010.0

TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx.

CVE-2021-2265710.0

mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inj...