CVE-2021-45613

Summary

CVE	CVE-2021-45613
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-12-26 01:15:00 UTC
Updated	2022-01-07 19:55:00 UTC
Description	Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, MR80 before 1.1.2.20, MS80 before 1.1.2.20, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58.

Risk And Classification

Problem Types: CWE-77

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Netgear	Cbr40	-	All	All	All
Operating System	Netgear	Cbr40 Firmware	All	All	All	All
Hardware	Netgear	Cbr750	-	All	All	All
Operating System	Netgear	Cbr750 Firmware	All	All	All	All
Hardware	Netgear	D7000v2	-	All	All	All
Operating System	Netgear	D7000v2 Firmware	All	All	All	All
Hardware	Netgear	Lax20	-	All	All	All
Operating System	Netgear	Lax20 Firmware	All	All	All	All
Hardware	Netgear	Mk62	-	All	All	All
Operating System	Netgear	Mk62 Firmware	All	All	All	All
Hardware	Netgear	Mr60	-	All	All	All
Operating System	Netgear	Mr60 Firmware	All	All	All	All
Hardware	Netgear	Mr80	-	All	All	All
Operating System	Netgear	Mr80 Firmware	All	All	All	All
Hardware	Netgear	Ms60	-	All	All	All
Operating System	Netgear	Ms60 Firmware	All	All	All	All
Hardware	Netgear	Ms80	-	All	All	All
Operating System	Netgear	Ms80 Firmware	All	All	All	All
Hardware	Netgear	Rax15	-	All	All	All
Operating System	Netgear	Rax15 Firmware	All	All	All	All
Hardware	Netgear	Rax20	-	All	All	All
Hardware	Netgear	Rax200	-	All	All	All
Operating System	Netgear	Rax200 Firmware	All	All	All	All
Operating System	Netgear	Rax20 Firmware	All	All	All	All
Hardware	Netgear	Rax35v2	-	All	All	All
Operating System	Netgear	Rax35v2 Firmware	All	All	All	All
Hardware	Netgear	Rax40v2	-	All	All	All
Operating System	Netgear	Rax40v2 Firmware	All	All	All	All
Hardware	Netgear	Rax43	-	All	All	All
Operating System	Netgear	Rax43 Firmware	All	All	All	All
Hardware	Netgear	Rax45	-	All	All	All
Operating System	Netgear	Rax45 Firmware	All	All	All	All
Hardware	Netgear	Rax50	-	All	All	All
Operating System	Netgear	Rax50 Firmware	All	All	All	All
Hardware	Netgear	Rax75	-	All	All	All
Operating System	Netgear	Rax75 Firmware	All	All	All	All
Hardware	Netgear	Rax80	-	All	All	All
Operating System	Netgear	Rax80 Firmware	All	All	All	All
Hardware	Netgear	Rbk752	-	All	All	All
Operating System	Netgear	Rbk752 Firmware	All	All	All	All
Hardware	Netgear	Rbk852	-	All	All	All
Operating System	Netgear	Rbk852 Firmware	All	All	All	All
Hardware	Netgear	Rbr750	-	All	All	All
Operating System	Netgear	Rbr750 Firmware	All	All	All	All
Hardware	Netgear	Rbr850	-	All	All	All
Operating System	Netgear	Rbr850 Firmware	All	All	All	All
Hardware	Netgear	Rbs750	-	All	All	All
Operating System	Netgear	Rbs750 Firmware	All	All	All	All
Hardware	Netgear	Rbs850	-	All	All	All
Operating System	Netgear	Rbs850 Firmware	All	All	All	All
Hardware	Netgear	Xr1000	-	All	All	All
Operating System	Netgear	Xr1000 Firmware	All	All	All	All

References

Reference	Source	Link	Tags
Security Advisory for Pre-Authentication Command Injection on Some Routers and WiFi Systems, PSV-2020-0508 \| Answer \| NETGEAR Support	MISC	kb.netgear.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.