CVE-2021-38528
Summary
| CVE | CVE-2021-38528 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-08-11 00:16:00 UTC |
| Updated | 2021-08-18 20:39:00 UTC |
| Description | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6900P before 1.3.2.132, R7000P before 1.3.2.132, R7100LG before 1.0.0.64, WNDR3400v3 before 1.0.1.38, and XR300 before 1.0.3.56. |
Risk And Classification
Problem Types: CWE-77
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Netgear | D8500 | - | All | All | All |
| Operating System | Netgear | D8500 Firmware | All | All | All | All |
| Hardware | Netgear | R6900p | - | All | All | All |
| Operating System | Netgear | R6900p Firmware | All | All | All | All |
| Hardware | Netgear | R7000p | - | All | All | All |
| Operating System | Netgear | R7000p Firmware | All | All | All | All |
| Hardware | Netgear | R7100lg | - | All | All | All |
| Operating System | Netgear | R7100lg Firmware | All | All | All | All |
| Hardware | Netgear | Wndr3400 | v3 | All | All | All |
| Operating System | Netgear | Wndr3400 Firmware | All | All | All | All |
| Hardware | Netgear | Xr300 | - | All | All | All |
| Operating System | Netgear | Xr300 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Advisory for Pre-Authentication Command Injection on Some Gateways and Routers, PSV-2020-0297 | Answer | NETGEAR Support | MISC | kb.netgear.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.