Vulnerabilites related to netgear - rax43_firmware
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7483E92A-5858-49B5-9499-E132941F5ACD",
"versionEndExcluding": "2.5.0.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cbr750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A87D3ACB-B5A3-4F1F-BF46-73C0AD690D8C",
"versionEndExcluding": "4.6.3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cbr750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD14EFC-C6EF-485B-A594-73B8525704A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:eax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA48F47-FC18-4953-BA90-1F4F3695A2BE",
"versionEndExcluding": "1.0.0.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:eax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D3B54B-33C0-4E50-AD2B-2097C612F288",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:eax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC9EE9DE-DD58-46A9-87FB-D284EBE0ACC1",
"versionEndExcluding": "1.0.1.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:eax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97740F5D-063E-424F-A0FE-09EBE1100975",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex7500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EB8CD19-4963-42A8-B9E6-63ED5EC35119",
"versionEndExcluding": "1.0.0.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex7500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44336289-F9DA-4779-8C1A-0221E29E2E2F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48709EA4-81F3-4CF1-B9A8-5379309914B0",
"versionEndExcluding": "1.1.6.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE40C2D0-0863-4E0F-B3E7-6FD043B46467",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mk62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69A79475-37BE-47BD-A629-DCEF22500B0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA438541-75AE-4D6B-AB56-02760D08D465",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2234C485-F411-48CC-9A0B-AA49B6961E38",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F003F064-591C-4D7C-9EC4-D0E553BC6683",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0095B9D4-E161-4050-B283-2166CB86CB24",
"versionEndExcluding": "1.0.4.118",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE6B3A8-0601-44EA-AD9B-3BDDE6654FDF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0702F9B6-2DAC-4308-8737-9F85AD28E847",
"versionEndExcluding": "1.0.4.118",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C88DA385-5FAE-49EC-80D6-78F81E7EEC16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94795476-184B-4E7D-9D8B-ECB45609108E",
"versionEndExcluding": "1.3.3.140",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E06EFF-9D71-43DB-A304-9A41998FD68A",
"versionEndExcluding": "1.0.11.126",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A7E8BF-8CC3-4806-89F5-FBE01A36A1FD",
"versionEndExcluding": "1.3.3.140",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8491F80C-E57A-4862-B969-F43799A47D06",
"versionEndExcluding": "1.0.5.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4195BC65-A849-4C3A-B726-E013CEB57F32",
"versionEndExcluding": "1.0.4.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C484840F-AF30-4B5C-821A-4DB9BE407BDB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA344C08-94F1-47F8-9607-3D854B890E19",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33B2293C-09AD-4B5A-B2A0-923E2B9923AA",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A662FDCF-DC41-4DC9-B77E-BE1D636AC0B3",
"versionEndExcluding": "1.0.4.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4905D866-2326-487F-AAA5-96ABA0DBD56E",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2268D5EF-E7FA-4112-A468-507417E18FFF",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31289572-2197-4A38-8353-CA4AAD491160",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6334DE4D-E78B-4582-9C6F-6123DA5192C7",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax35v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "841D857C-3387-43E0-A3AF-0E81CBEE3E40",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax35v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9358B2F2-D24E-434D-AEE5-6CE093598793",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax40v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FF0E5B9-8D2D-4A3F-881E-2E3122B3577C",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax40v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEAD12D-6D90-4CFB-9E59-2CEBD400C567",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC89EAA-344C-438E-A5A5-2C34CF699743",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0706367A-3F60-4564-8689-E0A46DDC31C2",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "679C4EC5-D17E-469B-A28F-BF5E231CED3D",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF9F3BA-4239-4F4D-A65E-A6752A5420F6",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "334BB384-5C29-4D24-9F82-B8EE8D0CA8BF",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D90FF3-F5CE-43DF-ACF7-C64DBDCCA185",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A45832BD-114D-42F1-B9F1-7532496D30A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "845C1FCC-F54B-452A-B121-1CD1A7867027",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14F257FE-31CE-4F74-829D-29407D74ADF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AE1767-9D9A-4E9E-B088-6727FACFDE5C",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C13F5C69-FA9B-472A-9036-0C2967BDCDE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01E0EF50-145F-407A-8915-4EFFCD833505",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D92E4C8E-222A-476C-8273-F7171FC61F0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F614A1AB-F0C0-45D7-8D91-ECA3C1AA9165",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B529194C-C440-4BC3-850F-0613FC548F86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC5A075-0619-409C-B057-41015B8C54B3",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "221CA950-E984-44CD-9E1B-3AADE3CEBE52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95AF0FA9-F2C5-4D84-BF37-AA8CB6EC3C4A",
"versionEndExcluding": "1.5.1.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F615F516-29EF-4C15-9E18-C5D4F6291A38",
"versionEndExcluding": "1.0.0.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD4ED11-4130-47DA-8A9D-55B8F6E3E213",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE70236-D1C6-4B58-8385-1FA5F71916AF",
"versionEndExcluding": "1.0.3.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5590CF28-B88A-4755-904B-1BC1778FBEDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una inyecci\u00f3n de comandos por parte de un atacante no autenticado. Esto afecta a CBR40 versiones anteriores a 2.5.0.24, CBR750 versiones anteriores a 4.6.3.6, EAX20 versiones anteriores a 1.0.0.58, EAX80 versiones anteriores a 1.0.1.68, EX7500 versiones anteriores a 1.0.0.74, LAX20 versiones anteriores a 1.1.6.28, MK62 versiones anteriores a 1.0.6.116, MR60 versiones anteriores a 1.0.6.116, MS60 versiones anteriores a 1.0.6.116, R6400v2 versiones anteriores a 1.0. 4.118, R6700v3 versiones anteriores a 1.0.4.118, R6900P versiones anteriores a 1.3.3.140, R7000 versiones anteriores a 1.0.11.126, R7000P versiones anteriores a 1.3.3.140, R7850 versiones anteriores a 1.0.5.74, R7900 versiones anteriores a 1.0.4.46, R7900P versiones anteriores a 1.4.2.84, R7960P versiones anteriores a 1.4.2.84, R8000 versiones anteriores a 1.0.4.74, R8000P versiones anteriores a 1. 4.2.84, RAX15 versiones anteriores a 1.0.3.96, RAX20 versiones anteriores a 1.0.3.96, RAX200 versiones anteriores a 1.0.4.120, RAX35v2 versiones anteriores a 1.0.3.96, RAX40v2 versiones anteriores a 1.0.3.96, RAX43 versiones anteriores a 1.0.3.96, RAX45 versiones anteriores a 1.0.3.96, RAX50 versiones anteriores a 1.0.3.96, RAX75 versiones anteriores a 1.0.4.120, RAX80 versiones anteriores a 1. 0.4.120, RBK752 versiones anteriores a 3.2.17.12, RBK852 versiones anteriores a 3.2.17.12, RBR750 versiones anteriores a 3.2.17.12, RBR850 versiones anteriores a 3.2.17.12, RBS750 versiones anteriores a 3.2.17.12, RBS850 versiones anteriores a 3.2.17.12, RS400 versiones anteriores a 1.5.1.80, XR1000 versiones anteriores a 1.0.0.58 y XR300 versiones anteriores a 1.0.3.68"
}
],
"id": "CVE-2021-45612",
"lastModified": "2024-11-21T06:32:40.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-26T01:15:18.337",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064515/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Router-Extenders-and-WiFi-Systems-PSV-2020-0524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064515/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Router-Extenders-and-WiFi-Systems-PSV-2020-0524"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-55 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-55 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | rax43_firmware | 1.0.3.96 | |
| netgear | rax43 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax43_firmware:1.0.3.96:*:*:*:*:*:*:*",
"matchCriteriaId": "411B548E-2E7F-4791-A75C-694AD7614E39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext."
},
{
"lang": "es",
"value": "Netgear RAX43 versi\u00f3n 1.0.3.96, no usa comunicaciones seguras con la interfaz web. Por defecto, toda la comunicaci\u00f3n hacia/desde el dispositivo se env\u00eda por medio de HTTP, lo que causa que informaci\u00f3n potencialmente confidencial (como nombres de usuario y contrase\u00f1as) se transmita en texto sin cifrar.\n"
}
],
"id": "CVE-2021-20169",
"lastModified": "2024-11-21T05:46:03.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-30T22:15:09.557",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-55 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-55 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | rax43_firmware | 1.0.3.96 | |
| netgear | rax43 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax43_firmware:1.0.3.96:*:*:*:*:*:*:*",
"matchCriteriaId": "411B548E-2E7F-4791-A75C-694AD7614E39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter."
},
{
"lang": "es",
"value": "Netgear RAX43 versi\u00f3n 1.0.3.96, contiene una vulnerabilidad de inyecci\u00f3n de comandos. La aplicaci\u00f3n readycloud cgi es vulnerable a la inyecci\u00f3n de comandos en el par\u00e1metro name."
}
],
"id": "CVE-2021-20167",
"lastModified": "2024-11-21T05:46:03.177",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-30T22:15:09.457",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
4.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D6400 before 1.0.0.102, D8500 before 1.0.3.60, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cbr750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCDDC785-6FEC-4D94-86D1-8E55FB0CA6C1",
"versionEndExcluding": "3.2.18.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cbr750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD14EFC-C6EF-485B-A594-73B8525704A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF65DC4-51D5-4C38-B28D-7EA93B1734A3",
"versionEndExcluding": "1.0.0.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EEA190-2E9C-4586-BF81-B115532FBA23",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "888A8E0F-93DD-436D-B00C-F469C3BD6E5B",
"versionEndExcluding": "1.0.0.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D30939B-86E3-4C78-9B05-686B4994C8B9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "160F53B0-8430-4D85-8ABC-0A64B27DDFBD",
"versionEndExcluding": "1.0.3.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "814A0114-9A1D-4EA0-9AF4-6968514E4F01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48709EA4-81F3-4CF1-B9A8-5379309914B0",
"versionEndExcluding": "1.1.6.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE40C2D0-0863-4E0F-B3E7-6FD043B46467",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mk62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69A79475-37BE-47BD-A629-DCEF22500B0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA438541-75AE-4D6B-AB56-02760D08D465",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2234C485-F411-48CC-9A0B-AA49B6961E38",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F003F064-591C-4D7C-9EC4-D0E553BC6683",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "685E2CA4-AA89-4574-8DB1-7C06D9F0FF2D",
"versionEndExcluding": "1.0.4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6300:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "10938043-F7DF-42C3-8C16-F92CAF8E5576",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "930E739E-EFDC-49AB-9155-A71C2B25FCD6",
"versionEndExcluding": "1.0.1.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87F3EAAB-C4C2-47BA-B87A-3CFF0C52EF21",
"versionEndExcluding": "1.0.4.118",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57A029C8-4DE3-4393-BD61-E9562C4E17D8",
"versionEndExcluding": "1.0.4.118",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A09A9E8-8C77-4EDB-9483-B3C540EF083A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94795476-184B-4E7D-9D8B-ECB45609108E",
"versionEndExcluding": "1.3.3.140",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F1DAD0-F8B8-48D5-B571-C55636B274C3",
"versionEndExcluding": "1.0.11.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A7E8BF-8CC3-4806-89F5-FBE01A36A1FD",
"versionEndExcluding": "1.3.3.140",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF7A1DF8-E9A0-4312-AC37-DEB46E37EE50",
"versionEndExcluding": "1.0.5.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96390A31-03B8-477B-8710-F797CB44E741",
"versionEndExcluding": "1.0.4.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C484840F-AF30-4B5C-821A-4DB9BE407BDB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA344C08-94F1-47F8-9607-3D854B890E19",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33B2293C-09AD-4B5A-B2A0-923E2B9923AA",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D10E41DC-982F-444A-9A4D-82EC2BA64199",
"versionEndExcluding": "1.0.4.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4905D866-2326-487F-AAA5-96ABA0DBD56E",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2268D5EF-E7FA-4112-A468-507417E18FFF",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31289572-2197-4A38-8353-CA4AAD491160",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6334DE4D-E78B-4582-9C6F-6123DA5192C7",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "255508E6-628A-4C83-BA39-90C9D05197B7",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "972BB714-8869-42C6-95F6-2C15AFA65716",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68163CF2-4781-4B87-8E39-62B4DF82A44A",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5F8B3F-C0D0-496C-A235-A467EA578C28",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC89EAA-344C-438E-A5A5-2C34CF699743",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0706367A-3F60-4564-8689-E0A46DDC31C2",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "679C4EC5-D17E-469B-A28F-BF5E231CED3D",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF9F3BA-4239-4F4D-A65E-A6752A5420F6",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "334BB384-5C29-4D24-9F82-B8EE8D0CA8BF",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D90FF3-F5CE-43DF-ACF7-C64DBDCCA185",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A45832BD-114D-42F1-B9F1-7532496D30A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "845C1FCC-F54B-452A-B121-1CD1A7867027",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14F257FE-31CE-4F74-829D-29407D74ADF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AE1767-9D9A-4E9E-B088-6727FACFDE5C",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C13F5C69-FA9B-472A-9036-0C2967BDCDE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01E0EF50-145F-407A-8915-4EFFCD833505",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D92E4C8E-222A-476C-8273-F7171FC61F0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F614A1AB-F0C0-45D7-8D91-ECA3C1AA9165",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B529194C-C440-4BC3-850F-0613FC548F86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC5A075-0619-409C-B057-41015B8C54B3",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "221CA950-E984-44CD-9E1B-3AADE3CEBE52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95AF0FA9-F2C5-4D84-BF37-AA8CB6EC3C4A",
"versionEndExcluding": "1.5.1.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F615F516-29EF-4C15-9E18-C5D4F6291A38",
"versionEndExcluding": "1.0.0.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD4ED11-4130-47DA-8A9D-55B8F6E3E213",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D6400 before 1.0.0.102, D8500 before 1.0.3.60, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria por parte de un usuario autenticado. Esto afecta a CBR750 versiones anteriores a 3.2.18.2, D6220 versiones anteriores a 1.0.0.68, D6400 versiones anteriores a 1.0.0.102, D8500 versiones anteriores a 1.0.3.60, LAX20 versiones anteriores a 1.1.6.28, MK62 versiones anteriores a 1.0.6.116, MR60 versiones anteriores a 1.0.6.116, MS60 versiones anteriores a 1.0.6.116, R6300v2 versiones anteriores a 1.0.4.50, R6400 versiones anteriores a 1.0. 1.68, R6400v2 versiones anteriores a 1.0.4.118, R6700v3 versiones anteriores a 1.0.4.118, R6900P versiones anteriores a 1.3.3.140, R7000 versiones anteriores a 1.0.11.116, R7000P versiones anteriores a 1.3.3.140, R7850 versiones anteriores a 1.0.5.68, R7900 versiones anteriores a 1.0.4.38, R7900P versiones anteriores a 1.4.2.84, R7960P versiones anteriores a 1.4.2.84, R8000 versiones anteriores a 1. 0.4.68, R8000P versiones anteriores a 1.4.2.84, RAX15 versiones anteriores a 1.0.3.96, RAX20 versiones anteriores a 1.0.3.96, RAX200 versiones anteriores a 1.0.4.120, RAX35v2 versiones anteriores a 1.0.3.96, RAX40v2 versiones anteriores a 1.0.3.96, RAX43 versiones anteriores a 1.0.3.96, RAX45 versiones anteriores a 1.0.3.96, RAX50 versiones anteriores a 1.0.3.96, RAX75 versiones anteriores a 1. 0.4.120, RAX80 versiones anteriores a 1.0.4.120, RBK752 versiones anteriores a 3.2.17.12, RBK852 versiones anteriores a 3.2.17.12, RBR750 versiones anteriores a 3.2.17.12, RBR850 versiones anteriores a 3.2.17.12, RBS750 versiones anteriores a 3.2.17.12, RBS850 versiones anteriores a 3.2.17.12, RS400 versiones anteriores a 1.5.1.80 y XR1000 versiones anteriores a 1.0.0.58"
}
],
"id": "CVE-2021-45604",
"lastModified": "2024-11-21T06:32:38.723",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-26T01:15:17.900",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064526/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2020-0572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064526/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2020-0572"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
8.4 (High) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48709EA4-81F3-4CF1-B9A8-5379309914B0",
"versionEndExcluding": "1.1.6.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A6768BE-C869-4CC5-B683-08B8E4DDD683",
"versionEndExcluding": "1.1.6.122",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mk62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69A79475-37BE-47BD-A629-DCEF22500B0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6E7187-B191-473D-9E9D-0990447AB8C6",
"versionEndExcluding": "1.1.6.122",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "476B2ED6-D7C9-4B84-BCD0-9C98B80A5F53",
"versionEndExcluding": "1.1.6.122",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F003F064-591C-4D7C-9EC4-D0E553BC6683",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87F3EAAB-C4C2-47BA-B87A-3CFF0C52EF21",
"versionEndExcluding": "1.0.4.118",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57A029C8-4DE3-4393-BD61-E9562C4E17D8",
"versionEndExcluding": "1.0.4.118",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A09A9E8-8C77-4EDB-9483-B3C540EF083A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94795476-184B-4E7D-9D8B-ECB45609108E",
"versionEndExcluding": "1.3.3.140",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F1DAD0-F8B8-48D5-B571-C55636B274C3",
"versionEndExcluding": "1.0.11.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A7E8BF-8CC3-4806-89F5-FBE01A36A1FD",
"versionEndExcluding": "1.3.3.140",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF7A1DF8-E9A0-4312-AC37-DEB46E37EE50",
"versionEndExcluding": "1.0.5.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96390A31-03B8-477B-8710-F797CB44E741",
"versionEndExcluding": "1.0.4.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C484840F-AF30-4B5C-821A-4DB9BE407BDB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA344C08-94F1-47F8-9607-3D854B890E19",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33B2293C-09AD-4B5A-B2A0-923E2B9923AA",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D10E41DC-982F-444A-9A4D-82EC2BA64199",
"versionEndExcluding": "1.0.4.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4905D866-2326-487F-AAA5-96ABA0DBD56E",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2268D5EF-E7FA-4112-A468-507417E18FFF",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31289572-2197-4A38-8353-CA4AAD491160",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6334DE4D-E78B-4582-9C6F-6123DA5192C7",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "255508E6-628A-4C83-BA39-90C9D05197B7",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "972BB714-8869-42C6-95F6-2C15AFA65716",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68163CF2-4781-4B87-8E39-62B4DF82A44A",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13D54346-4B03-4296-B050-04EB8CFCA732",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC89EAA-344C-438E-A5A5-2C34CF699743",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0706367A-3F60-4564-8689-E0A46DDC31C2",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "679C4EC5-D17E-469B-A28F-BF5E231CED3D",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF9F3BA-4239-4F4D-A65E-A6752A5420F6",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "334BB384-5C29-4D24-9F82-B8EE8D0CA8BF",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95AF0FA9-F2C5-4D84-BF37-AA8CB6EC3C4A",
"versionEndExcluding": "1.5.1.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F615F516-29EF-4C15-9E18-C5D4F6291A38",
"versionEndExcluding": "1.0.0.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD4ED11-4130-47DA-8A9D-55B8F6E3E213",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una inyecci\u00f3n de comandos por parte de un usuario autenticado. Esto afecta a LAX20 versiones anteriores a 1.1.6.28, MK62 versiones anteriores a 1.1.6.122, MR60 versiones anteriores a 1.1.6.122, MS60 versiones anteriores a 1.1.6.122, R6400v2 versiones anteriores a 1.0.4.118, R6700v3 versiones anteriores a 1.0.4. 118, R6900P versiones anteriores a 1.3.3.140, R7000 versiones anteriores a 1.0.11.116, R7000P versiones anteriores a 1.3.3.140, R7850 versiones anteriores a 1.0.5.68, R7900 versiones anteriores a 1.0.4.38, R7900P versiones anteriores a 1.4.2.84, R7960P versiones anteriores a 1.4.2. 84, R8000 versiones anteriores a 1.0.4.68, R8000P versiones anteriores a 1.4.2.84, RAX15 versiones anteriores a 1.0.3.96, RAX20 versiones anteriores a 1.0.3.96, RAX200 versiones anteriores a 1.0.4.120, RAX35v2 versiones anteriores a 1.0.3.96, RAX40v2 versiones anteriores a 1.0.3. 96, RAX43 versiones anteriores a 1.0.3.96, RAX45 versiones anteriores a 1.0.3.96, RAX50 versiones anteriores a 1.0.3.96, RAX75 versiones anteriores a 1.0.4.120, RAX80 versiones anteriores a 1.0.4.120, RS400 versiones anteriores a 1.5.1.80 y XR1000 versiones anteriores a 1.0.0.58"
}
],
"id": "CVE-2021-45549",
"lastModified": "2024-11-21T06:32:29.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-26T01:15:15.320",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064513/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064513/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0517"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-29 19:15
Modified
2024-11-21 06:56
Severity ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A7BD19F-A89B-4941-9422-E4FFBD76DBD2",
"versionEndExcluding": "2.1.3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "673A83EA-E359-4629-8B20-5382C15260B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0F2B55-DBD3-4762-92EA-A01D57277A9D",
"versionEndExcluding": "1.1.6.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A72582A2-5A44-4ED5-8497-FCAB59A125BE",
"versionEndExcluding": "1.1.6.124",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mr80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC64FD2-5D52-4BA2-8A5B-8AC11BE06243",
"versionEndExcluding": "1.1.6.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mr80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A086E76-3F23-4C21-AC96-F11372A8A186",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F50C923-68DC-48EB-A41B-0D3F99B16E1F",
"versionEndExcluding": "1.1.6.124",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F003F064-591C-4D7C-9EC4-D0E553BC6683",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ms80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95E44445-7F76-4CD6-91AC-CEBC46DFA587",
"versionEndExcluding": "1.1.6.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ms80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE1A0669-790A-4EE7-A0DC-6E1023D6B4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A41218DC-3A06-4582-A8B8-0320F76F3DFC",
"versionEndExcluding": "1.0.1.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC79CFE-9036-472C-AB28-FF293BBE1780",
"versionEndExcluding": "1.0.4.126",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "169E2D0D-7D18-4AF1-8683-346BD1069DC1",
"versionEndExcluding": "1.0.4.126",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A09A9E8-8C77-4EDB-9483-B3C540EF083A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E52E9373-C896-405F-9CEC-2E8707B249F5",
"versionEndExcluding": "1.3.3.148",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5376DD03-0DDD-4B0C-A185-EC226515B32A",
"versionEndExcluding": "1.0.11.134",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D67D8C3-98DA-4B7D-BA7D-AB5F13E627F9",
"versionEndExcluding": "1.3.3.148",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EA99A24-E836-40F4-BF61-C4489E3713F0",
"versionEndExcluding": "1.0.5.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD3DCC5-342C-4E66-8BFB-545C2D375A81",
"versionEndExcluding": "1.4.3.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18",
"versionEndExcluding": "1.4.3.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72325BC2-C9AC-4B24-865E-662BDF05BD99",
"versionEndExcluding": "1.0.4.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "994D00CD-350B-4059-9C51-BF843C72B45E",
"versionEndExcluding": "1.4.3.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE6DCC3-C225-45A3-A6D0-52BA730EC285",
"versionEndExcluding": "1.0.2.158",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D60F61B-2487-46D7-8B93-4035147AA0AB",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35AE4A8C-19CF-44B0-83F1-F3386305B3E3",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C706F152-6163-4276-B608-C4AF196E070F",
"versionEndExcluding": "1.0.6.138",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8ED09D-C874-45EB-AD84-1DB0129C55EC",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "972BB714-8869-42C6-95F6-2C15AFA65716",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C7B1AC-0329-48A9-87AD-596C0EC7B3C6",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "8306FEBE-ED60-47F0-AB49-E629018D7C33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04DAEBC1-A1A3-4329-AD32-D41E6576A9DA",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5F8B3F-C0D0-496C-A235-A467EA578C28",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "756EAEA3-3DC5-4F2F-8C92-29C12FCEAE2C",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D83182AB-E726-4371-B092-FA1920408FED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28B1B071-C0AD-46AA-8B3D-AF32D71E088C",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97147D06-DBE4-420F-AF06-604C74710080",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F540D5F-F4F5-47B1-B76F-C18004395596",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09E50F2A-C46C-4875-84AB-04AA00BFA53F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1737CE-683A-4A8D-9DDC-9BCF1822ABCF",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F282A9F3-E07C-44EB-A21A-462A3DEDAB39",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBB69710-DA7E-4011-A61A-BA40462A041F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E301ACAC-E217-4329-8A32-83946E61999E",
"versionEndExcluding": "1.0.6.138",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8028906-D5AB-4CE6-8431-844E6F98B9AD",
"versionEndExcluding": "1.0.6.138",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC7E8C9-62BD-45E2-8A7A-D29A6150622A",
"versionEndExcluding": "1.5.1.86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B98293B5-C804-4ED5-8344-12AA02E933CB",
"versionEndExcluding": "1.0.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366FA778-3C2A-42AF-9141-DAD7043B406C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874."
}
],
"id": "CVE-2022-27647",
"lastModified": "2024-11-21T06:56:05.650",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-29T19:15:08.773",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-524/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-524/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MR80 before 1.1.2.20, MS60 before 1.0.6.116, MS80 before 1.1.2.20, MK62 before 1.0.6.116, MK83 before 1.1.2.20, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7483E92A-5858-49B5-9499-E132941F5ACD",
"versionEndExcluding": "2.5.0.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cbr750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A87D3ACB-B5A3-4F1F-BF46-73C0AD690D8C",
"versionEndExcluding": "4.6.3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cbr750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD14EFC-C6EF-485B-A594-73B8525704A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:eax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA48F47-FC18-4953-BA90-1F4F3695A2BE",
"versionEndExcluding": "1.0.0.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:eax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D3B54B-33C0-4E50-AD2B-2097C612F288",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:eax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC9EE9DE-DD58-46A9-87FB-D284EBE0ACC1",
"versionEndExcluding": "1.0.1.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:eax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97740F5D-063E-424F-A0FE-09EBE1100975",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48709EA4-81F3-4CF1-B9A8-5379309914B0",
"versionEndExcluding": "1.1.6.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA438541-75AE-4D6B-AB56-02760D08D465",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2234C485-F411-48CC-9A0B-AA49B6961E38",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F003F064-591C-4D7C-9EC4-D0E553BC6683",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0095B9D4-E161-4050-B283-2166CB86CB24",
"versionEndExcluding": "1.0.4.118",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE6B3A8-0601-44EA-AD9B-3BDDE6654FDF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0702F9B6-2DAC-4308-8737-9F85AD28E847",
"versionEndExcluding": "1.0.4.118",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C88DA385-5FAE-49EC-80D6-78F81E7EEC16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94795476-184B-4E7D-9D8B-ECB45609108E",
"versionEndExcluding": "1.3.3.140",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E06EFF-9D71-43DB-A304-9A41998FD68A",
"versionEndExcluding": "1.0.11.126",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A7E8BF-8CC3-4806-89F5-FBE01A36A1FD",
"versionEndExcluding": "1.3.3.140",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8491F80C-E57A-4862-B969-F43799A47D06",
"versionEndExcluding": "1.0.5.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4195BC65-A849-4C3A-B726-E013CEB57F32",
"versionEndExcluding": "1.0.4.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C484840F-AF30-4B5C-821A-4DB9BE407BDB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA344C08-94F1-47F8-9607-3D854B890E19",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33B2293C-09AD-4B5A-B2A0-923E2B9923AA",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A662FDCF-DC41-4DC9-B77E-BE1D636AC0B3",
"versionEndExcluding": "1.0.4.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4905D866-2326-487F-AAA5-96ABA0DBD56E",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2268D5EF-E7FA-4112-A468-507417E18FFF",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31289572-2197-4A38-8353-CA4AAD491160",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6334DE4D-E78B-4582-9C6F-6123DA5192C7",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax35v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "841D857C-3387-43E0-A3AF-0E81CBEE3E40",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax35v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9358B2F2-D24E-434D-AEE5-6CE093598793",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax40v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FF0E5B9-8D2D-4A3F-881E-2E3122B3577C",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax40v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEAD12D-6D90-4CFB-9E59-2CEBD400C567",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC89EAA-344C-438E-A5A5-2C34CF699743",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0706367A-3F60-4564-8689-E0A46DDC31C2",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "679C4EC5-D17E-469B-A28F-BF5E231CED3D",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF9F3BA-4239-4F4D-A65E-A6752A5420F6",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "334BB384-5C29-4D24-9F82-B8EE8D0CA8BF",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D90FF3-F5CE-43DF-ACF7-C64DBDCCA185",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A45832BD-114D-42F1-B9F1-7532496D30A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "845C1FCC-F54B-452A-B121-1CD1A7867027",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14F257FE-31CE-4F74-829D-29407D74ADF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AE1767-9D9A-4E9E-B088-6727FACFDE5C",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C13F5C69-FA9B-472A-9036-0C2967BDCDE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01E0EF50-145F-407A-8915-4EFFCD833505",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D92E4C8E-222A-476C-8273-F7171FC61F0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F614A1AB-F0C0-45D7-8D91-ECA3C1AA9165",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B529194C-C440-4BC3-850F-0613FC548F86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC5A075-0619-409C-B057-41015B8C54B3",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "221CA950-E984-44CD-9E1B-3AADE3CEBE52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95AF0FA9-F2C5-4D84-BF37-AA8CB6EC3C4A",
"versionEndExcluding": "1.5.1.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F615F516-29EF-4C15-9E18-C5D4F6291A38",
"versionEndExcluding": "1.0.0.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD4ED11-4130-47DA-8A9D-55B8F6E3E213",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE70236-D1C6-4B58-8385-1FA5F71916AF",
"versionEndExcluding": "1.0.3.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5590CF28-B88A-4755-904B-1BC1778FBEDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA1BB56F-20B5-4A79-AE9D-429A011EAA4C",
"versionEndExcluding": "1.0.1.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE40C2D0-0863-4E0F-B3E7-6FD043B46467",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mk62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69A79475-37BE-47BD-A629-DCEF22500B0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mr80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29757651-068E-4646-AAD8-2CF8FD08B34C",
"versionEndExcluding": "1.1.2.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mr80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A086E76-3F23-4C21-AC96-F11372A8A186",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ms80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1582E16D-ACEE-4E33-9D52-9DD25C035EA8",
"versionEndExcluding": "1.1.2.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ms80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE1A0669-790A-4EE7-A0DC-6E1023D6B4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mk83_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6934383-3E7A-46A5-8147-16C595604ADA",
"versionEndExcluding": "1.1.2.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mk83:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6C7ABC-87BF-4F20-8DAF-D9B9ACA4A273",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MR80 before 1.1.2.20, MS60 before 1.0.6.116, MS80 before 1.1.2.20, MK62 before 1.0.6.116, MK83 before 1.1.2.20, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una inyecci\u00f3n de comandos por parte de un atacante no autenticado. Esto afecta a CBR40 versiones anteriores a 2.5.0.24, CBR750 versiones anteriores a 4.6.3.6, EAX20 versiones anteriores a 1.0.0.58, EAX80 versiones anteriores a 1.0.1.68, LAX20 versiones anteriores a 1.1.6.28, MR60 versiones anteriores a 1.0.6.116, MR80 versiones anteriores a 1.1.2.20, MS60 versiones anteriores a 1.0.6.116, MS80 versiones anteriores a 1.1.2.20, MK62 versiones anteriores a 1.0.6.116, MK83 versiones anteriores a 1. 1.2.20, R6400 versiones anteriores a 1.0.1.70, R6400v2 versiones anteriores a 1.0.4.106, R6700v3 versiones anteriores a 1.0.4.106, R6900P versiones anteriores a 1.3.3.140, R7000 versiones anteriores a 1. 0.11.126, R7000P versiones anteriores a 1.3.3.140, R7850 versiones anteriores a 1.0.5.74, R7900 versiones anteriores a 1.0.4.46, R7900P versiones anteriores a 1.4.2.84, R7960P versiones anteriores a 1.4.2. 84, R8000 versiones anteriores a 1.0.4.74, R8000P versiones anteriores a 1.4.2.84, RAX15 versiones anteriores a 1.0.3.96, RAX20 versiones anteriores a 1.0.3.96, RAX200 versiones anteriores a 1.0.4. 120, RAX35v2 versiones anteriores a 1.0.3.96, RAX40v2 versiones anteriores a 1.0.3.96, RAX43 versiones anteriores a 1.0.3.96, RAX45 versiones anteriores a 1.0.3.96, RAX50 versiones anteriores a 1.0.3.96, RAX75 versiones anteriores a 1. 0.4.120, RAX80 versiones anteriores a 1.0.4.120, RBK752 versiones anteriores a 3.2.17.12, RBK852 versiones anteriores a 3.2.17.12, RBR750 versiones anteriores a 3.2.17.12, RBR850 versiones anteriores a 3.2.17. 12, RBS750 versiones anteriores a 3.2.17.12, RBS850 versiones anteriores a 3.2.17.12, RS400 versiones anteriores a 1.5.1.80, XR1000 versiones anteriores a 1.0.0.58 y XR300 versiones anteriores a 1.0.3.68"
}
],
"id": "CVE-2021-45620",
"lastModified": "2024-11-21T06:32:41.723",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-26T01:15:18.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064510/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064510/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0509"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password (RAX50w!a4udk). By unzipping the configuration using this password, a user can reconfigure settings not intended to be manipulated, re-zip the configuration, and restore a backup causing these settings to be changed.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-55 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-55 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | rax43_firmware | 1.0.3.96 | |
| netgear | rax43 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax43_firmware:1.0.3.96:*:*:*:*:*:*:*",
"matchCriteriaId": "411B548E-2E7F-4791-A75C-694AD7614E39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password (RAX50w!a4udk). By unzipping the configuration using this password, a user can reconfigure settings not intended to be manipulated, re-zip the configuration, and restore a backup causing these settings to be changed."
},
{
"lang": "es",
"value": "Netgear RAX43 versi\u00f3n 1.0.3.96, usa credenciales embebidas. No parece que usuarios normales puedan manipular las copias de seguridad de la configuraci\u00f3n debido a que est\u00e1n cifradas. Este cifrado se realiza por medio de un archivo zip protegido por contrase\u00f1a (RAX50w! a4udk). Al descomprimir la configuraci\u00f3n usando esta contrase\u00f1a, un usuario puede reconfigurar los ajustes que no estaban destinados a ser manipulados, volver a comprimir la configuraci\u00f3n y restaurar una copia de seguridad causando que estos ajustes sean cambiados.\n"
}
],
"id": "CVE-2021-20170",
"lastModified": "2024-11-21T05:46:03.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-30T22:15:09.607",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, MR80 before 1.1.2.20, MS80 before 1.1.2.20, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7483E92A-5858-49B5-9499-E132941F5ACD",
"versionEndExcluding": "2.5.0.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cbr750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A87D3ACB-B5A3-4F1F-BF46-73C0AD690D8C",
"versionEndExcluding": "4.6.3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cbr750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD14EFC-C6EF-485B-A594-73B8525704A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7000v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D1C234-22F1-4837-9D04-059170A97072",
"versionEndExcluding": "1.0.0.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7000v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC6BD34-1A2C-4247-A20C-0B44C0F56E0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48709EA4-81F3-4CF1-B9A8-5379309914B0",
"versionEndExcluding": "1.1.6.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE40C2D0-0863-4E0F-B3E7-6FD043B46467",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mk62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69A79475-37BE-47BD-A629-DCEF22500B0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA438541-75AE-4D6B-AB56-02760D08D465",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2234C485-F411-48CC-9A0B-AA49B6961E38",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F003F064-591C-4D7C-9EC4-D0E553BC6683",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2268D5EF-E7FA-4112-A468-507417E18FFF",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31289572-2197-4A38-8353-CA4AAD491160",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6334DE4D-E78B-4582-9C6F-6123DA5192C7",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax35v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "841D857C-3387-43E0-A3AF-0E81CBEE3E40",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax35v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9358B2F2-D24E-434D-AEE5-6CE093598793",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax40v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FF0E5B9-8D2D-4A3F-881E-2E3122B3577C",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax40v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEAD12D-6D90-4CFB-9E59-2CEBD400C567",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC89EAA-344C-438E-A5A5-2C34CF699743",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0706367A-3F60-4564-8689-E0A46DDC31C2",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "679C4EC5-D17E-469B-A28F-BF5E231CED3D",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF9F3BA-4239-4F4D-A65E-A6752A5420F6",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "334BB384-5C29-4D24-9F82-B8EE8D0CA8BF",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D90FF3-F5CE-43DF-ACF7-C64DBDCCA185",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A45832BD-114D-42F1-B9F1-7532496D30A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "845C1FCC-F54B-452A-B121-1CD1A7867027",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14F257FE-31CE-4F74-829D-29407D74ADF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AE1767-9D9A-4E9E-B088-6727FACFDE5C",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C13F5C69-FA9B-472A-9036-0C2967BDCDE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01E0EF50-145F-407A-8915-4EFFCD833505",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D92E4C8E-222A-476C-8273-F7171FC61F0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F614A1AB-F0C0-45D7-8D91-ECA3C1AA9165",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B529194C-C440-4BC3-850F-0613FC548F86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC5A075-0619-409C-B057-41015B8C54B3",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "221CA950-E984-44CD-9E1B-3AADE3CEBE52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F615F516-29EF-4C15-9E18-C5D4F6291A38",
"versionEndExcluding": "1.0.0.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD4ED11-4130-47DA-8A9D-55B8F6E3E213",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mr80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29757651-068E-4646-AAD8-2CF8FD08B34C",
"versionEndExcluding": "1.1.2.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mr80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A086E76-3F23-4C21-AC96-F11372A8A186",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ms80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1582E16D-ACEE-4E33-9D52-9DD25C035EA8",
"versionEndExcluding": "1.1.2.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ms80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE1A0669-790A-4EE7-A0DC-6E1023D6B4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, MR80 before 1.1.2.20, MS80 before 1.1.2.20, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una inyecci\u00f3n de comandos por parte de un atacante no autenticado. Esto afecta a CBR40 versiones anteriores a 2.5.0.24, CBR750 versiones anteriores a 4.6.3.6, D7000v2 versiones anteriores a 1.0.0.74, LAX20 versiones anteriores a 1.1.6.28, MK62 versiones anteriores a 1.0.6.116, MR60 versiones anteriores a 1.0.6. 116, MS60 versiones anteriores a 1.0.6.116, MR80 versiones anteriores a 1.1.2.20, MS80 versiones anteriores a 1.1.2.20, RAX15 versiones anteriores a 1.0.3.96, RAX20 versiones anteriores a 1.0.3.96, RAX200 versiones anteriores a 1.0.4.120, RAX45 versiones anteriores a 1.0.3. 96, RAX50 versiones anteriores a 1.0.3.96, RAX43 versiones anteriores a 1.0.3.96, RAX40v2 versiones anteriores a 1.0.3.96, RAX35v2 versiones anteriores a 1.0.3.96, RAX75 versiones anteriores a 1.0.4.120, RAX80 versiones anteriores a 1.0.4.120, RBK752 versiones anteriores a 3. 2.17.12, RBR750 versiones anteriores a 3.2.17.12, RBS750 versiones anteriores a 3.2.17.12, RBK852 versiones anteriores a 3.2.17.12, RBR850 versiones anteriores a 3.2.17.12, RBS850 versiones anteriores a 3.2.17.12, y XR1000 versiones anteriores a 1.0.0.58"
}
],
"id": "CVE-2021-45613",
"lastModified": "2024-11-21T06:32:40.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-26T01:15:18.383",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064138/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064138/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0508"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-29 19:15
Modified
2024-11-21 06:56
Severity ?
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | lax20_firmware | * | |
| netgear | lax20 | - | |
| netgear | r6400_firmware | * | |
| netgear | r6400 | v2 | |
| netgear | r6700_firmware | * | |
| netgear | r6700 | v3 | |
| netgear | r7000_firmware | * | |
| netgear | r7000 | - | |
| netgear | r7850_firmware | * | |
| netgear | r7850 | - | |
| netgear | r7900p_firmware | * | |
| netgear | r7900p | - | |
| netgear | r7960p_firmware | * | |
| netgear | r7960p | - | |
| netgear | r8000_firmware | * | |
| netgear | r8000 | - | |
| netgear | r8000p_firmware | * | |
| netgear | r8000p | - | |
| netgear | r8500_firmware | * | |
| netgear | r8500 | - | |
| netgear | rax15_firmware | * | |
| netgear | rax15 | - | |
| netgear | rax20_firmware | * | |
| netgear | rax20 | - | |
| netgear | rax200_firmware | * | |
| netgear | rax200 | - | |
| netgear | rax35_firmware | * | |
| netgear | rax35 | v2 | |
| netgear | rax38_firmware | * | |
| netgear | rax38 | v2 | |
| netgear | rax40_firmware | * | |
| netgear | rax40 | v2 | |
| netgear | rax42_firmware | * | |
| netgear | rax42 | - | |
| netgear | rax43_firmware | * | |
| netgear | rax43 | - | |
| netgear | rax45_firmware | * | |
| netgear | rax45 | - | |
| netgear | rax48_firmware | * | |
| netgear | rax48 | - | |
| netgear | rax50_firmware | * | |
| netgear | rax50 | - | |
| netgear | rax50s_firmware | * | |
| netgear | rax50s | - | |
| netgear | rax75_firmware | * | |
| netgear | rax75 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0F2B55-DBD3-4762-92EA-A01D57277A9D",
"versionEndExcluding": "1.1.6.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC79CFE-9036-472C-AB28-FF293BBE1780",
"versionEndExcluding": "1.0.4.126",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "169E2D0D-7D18-4AF1-8683-346BD1069DC1",
"versionEndExcluding": "1.0.4.126",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A09A9E8-8C77-4EDB-9483-B3C540EF083A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5376DD03-0DDD-4B0C-A185-EC226515B32A",
"versionEndExcluding": "1.0.11.134",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EA99A24-E836-40F4-BF61-C4489E3713F0",
"versionEndExcluding": "1.0.5.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD3DCC5-342C-4E66-8BFB-545C2D375A81",
"versionEndExcluding": "1.4.3.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18",
"versionEndExcluding": "1.4.3.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72325BC2-C9AC-4B24-865E-662BDF05BD99",
"versionEndExcluding": "1.0.4.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "994D00CD-350B-4059-9C51-BF843C72B45E",
"versionEndExcluding": "1.4.3.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE6DCC3-C225-45A3-A6D0-52BA730EC285",
"versionEndExcluding": "1.0.2.158",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D60F61B-2487-46D7-8B93-4035147AA0AB",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35AE4A8C-19CF-44B0-83F1-F3386305B3E3",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C706F152-6163-4276-B608-C4AF196E070F",
"versionEndExcluding": "1.0.6.138",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8ED09D-C874-45EB-AD84-1DB0129C55EC",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "972BB714-8869-42C6-95F6-2C15AFA65716",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C7B1AC-0329-48A9-87AD-596C0EC7B3C6",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "8306FEBE-ED60-47F0-AB49-E629018D7C33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04DAEBC1-A1A3-4329-AD32-D41E6576A9DA",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5F8B3F-C0D0-496C-A235-A467EA578C28",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "756EAEA3-3DC5-4F2F-8C92-29C12FCEAE2C",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D83182AB-E726-4371-B092-FA1920408FED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28B1B071-C0AD-46AA-8B3D-AF32D71E088C",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97147D06-DBE4-420F-AF06-604C74710080",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F540D5F-F4F5-47B1-B76F-C18004395596",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09E50F2A-C46C-4875-84AB-04AA00BFA53F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1737CE-683A-4A8D-9DDC-9BCF1822ABCF",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F282A9F3-E07C-44EB-A21A-462A3DEDAB39",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBB69710-DA7E-4011-A61A-BA40462A041F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E301ACAC-E217-4329-8A32-83946E61999E",
"versionEndExcluding": "1.0.6.138",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762."
}
],
"id": "CVE-2022-27645",
"lastModified": "2024-11-21T06:56:05.333",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-29T19:15:08.637",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-522/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-522/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-29 19:15
Modified
2024-11-21 06:56
Severity ?
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A7BD19F-A89B-4941-9422-E4FFBD76DBD2",
"versionEndExcluding": "2.1.3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "673A83EA-E359-4629-8B20-5382C15260B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0F2B55-DBD3-4762-92EA-A01D57277A9D",
"versionEndExcluding": "1.1.6.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A72582A2-5A44-4ED5-8497-FCAB59A125BE",
"versionEndExcluding": "1.1.6.124",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mr80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC64FD2-5D52-4BA2-8A5B-8AC11BE06243",
"versionEndExcluding": "1.1.6.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mr80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A086E76-3F23-4C21-AC96-F11372A8A186",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F50C923-68DC-48EB-A41B-0D3F99B16E1F",
"versionEndExcluding": "1.1.6.124",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F003F064-591C-4D7C-9EC4-D0E553BC6683",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ms80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95E44445-7F76-4CD6-91AC-CEBC46DFA587",
"versionEndExcluding": "1.1.6.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ms80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE1A0669-790A-4EE7-A0DC-6E1023D6B4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A41218DC-3A06-4582-A8B8-0320F76F3DFC",
"versionEndExcluding": "1.0.1.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC79CFE-9036-472C-AB28-FF293BBE1780",
"versionEndExcluding": "1.0.4.126",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "169E2D0D-7D18-4AF1-8683-346BD1069DC1",
"versionEndExcluding": "1.0.4.126",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A09A9E8-8C77-4EDB-9483-B3C540EF083A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E52E9373-C896-405F-9CEC-2E8707B249F5",
"versionEndExcluding": "1.3.3.148",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5376DD03-0DDD-4B0C-A185-EC226515B32A",
"versionEndExcluding": "1.0.11.134",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D67D8C3-98DA-4B7D-BA7D-AB5F13E627F9",
"versionEndExcluding": "1.3.3.148",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EA99A24-E836-40F4-BF61-C4489E3713F0",
"versionEndExcluding": "1.0.5.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD3DCC5-342C-4E66-8BFB-545C2D375A81",
"versionEndExcluding": "1.4.3.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18",
"versionEndExcluding": "1.4.3.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72325BC2-C9AC-4B24-865E-662BDF05BD99",
"versionEndExcluding": "1.0.4.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "994D00CD-350B-4059-9C51-BF843C72B45E",
"versionEndExcluding": "1.4.3.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE6DCC3-C225-45A3-A6D0-52BA730EC285",
"versionEndExcluding": "1.0.2.158",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D60F61B-2487-46D7-8B93-4035147AA0AB",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35AE4A8C-19CF-44B0-83F1-F3386305B3E3",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C706F152-6163-4276-B608-C4AF196E070F",
"versionEndExcluding": "1.0.6.138",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8ED09D-C874-45EB-AD84-1DB0129C55EC",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "972BB714-8869-42C6-95F6-2C15AFA65716",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C7B1AC-0329-48A9-87AD-596C0EC7B3C6",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "8306FEBE-ED60-47F0-AB49-E629018D7C33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04DAEBC1-A1A3-4329-AD32-D41E6576A9DA",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5F8B3F-C0D0-496C-A235-A467EA578C28",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "756EAEA3-3DC5-4F2F-8C92-29C12FCEAE2C",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D83182AB-E726-4371-B092-FA1920408FED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28B1B071-C0AD-46AA-8B3D-AF32D71E088C",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97147D06-DBE4-420F-AF06-604C74710080",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F540D5F-F4F5-47B1-B76F-C18004395596",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09E50F2A-C46C-4875-84AB-04AA00BFA53F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1737CE-683A-4A8D-9DDC-9BCF1822ABCF",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F282A9F3-E07C-44EB-A21A-462A3DEDAB39",
"versionEndExcluding": "1.0.10.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBB69710-DA7E-4011-A61A-BA40462A041F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E301ACAC-E217-4329-8A32-83946E61999E",
"versionEndExcluding": "1.0.6.138",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8028906-D5AB-4CE6-8431-844E6F98B9AD",
"versionEndExcluding": "1.0.6.138",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC7E8C9-62BD-45E2-8A7A-D29A6150622A",
"versionEndExcluding": "1.5.1.86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B98293B5-C804-4ED5-8344-12AA02E933CB",
"versionEndExcluding": "1.0.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366FA778-3C2A-42AF-9141-DAD7043B406C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854."
}
],
"id": "CVE-2022-27642",
"lastModified": "2024-11-21T06:56:04.887",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-29T19:15:08.407",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-518/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-518/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 3.2.18.2, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cbr750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCDDC785-6FEC-4D94-86D1-8E55FB0CA6C1",
"versionEndExcluding": "3.2.18.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cbr750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD14EFC-C6EF-485B-A594-73B8525704A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48709EA4-81F3-4CF1-B9A8-5379309914B0",
"versionEndExcluding": "1.1.6.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE40C2D0-0863-4E0F-B3E7-6FD043B46467",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mk62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69A79475-37BE-47BD-A629-DCEF22500B0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA438541-75AE-4D6B-AB56-02760D08D465",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2234C485-F411-48CC-9A0B-AA49B6961E38",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F003F064-591C-4D7C-9EC4-D0E553BC6683",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94795476-184B-4E7D-9D8B-ECB45609108E",
"versionEndExcluding": "1.3.3.140",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E06EFF-9D71-43DB-A304-9A41998FD68A",
"versionEndExcluding": "1.0.11.126",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A7E8BF-8CC3-4806-89F5-FBE01A36A1FD",
"versionEndExcluding": "1.3.3.140",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF7A1DF8-E9A0-4312-AC37-DEB46E37EE50",
"versionEndExcluding": "1.0.5.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4195BC65-A849-4C3A-B726-E013CEB57F32",
"versionEndExcluding": "1.0.4.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C484840F-AF30-4B5C-821A-4DB9BE407BDB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA344C08-94F1-47F8-9607-3D854B890E19",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33B2293C-09AD-4B5A-B2A0-923E2B9923AA",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D10E41DC-982F-444A-9A4D-82EC2BA64199",
"versionEndExcluding": "1.0.4.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4905D866-2326-487F-AAA5-96ABA0DBD56E",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2268D5EF-E7FA-4112-A468-507417E18FFF",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31289572-2197-4A38-8353-CA4AAD491160",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6334DE4D-E78B-4582-9C6F-6123DA5192C7",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax35v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "841D857C-3387-43E0-A3AF-0E81CBEE3E40",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax35v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9358B2F2-D24E-434D-AEE5-6CE093598793",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax40v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FF0E5B9-8D2D-4A3F-881E-2E3122B3577C",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax40v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEAD12D-6D90-4CFB-9E59-2CEBD400C567",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC89EAA-344C-438E-A5A5-2C34CF699743",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0706367A-3F60-4564-8689-E0A46DDC31C2",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "679C4EC5-D17E-469B-A28F-BF5E231CED3D",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF9F3BA-4239-4F4D-A65E-A6752A5420F6",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "334BB384-5C29-4D24-9F82-B8EE8D0CA8BF",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D90FF3-F5CE-43DF-ACF7-C64DBDCCA185",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A45832BD-114D-42F1-B9F1-7532496D30A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "845C1FCC-F54B-452A-B121-1CD1A7867027",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14F257FE-31CE-4F74-829D-29407D74ADF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AE1767-9D9A-4E9E-B088-6727FACFDE5C",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C13F5C69-FA9B-472A-9036-0C2967BDCDE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01E0EF50-145F-407A-8915-4EFFCD833505",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D92E4C8E-222A-476C-8273-F7171FC61F0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F614A1AB-F0C0-45D7-8D91-ECA3C1AA9165",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B529194C-C440-4BC3-850F-0613FC548F86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC5A075-0619-409C-B057-41015B8C54B3",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "221CA950-E984-44CD-9E1B-3AADE3CEBE52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95AF0FA9-F2C5-4D84-BF37-AA8CB6EC3C4A",
"versionEndExcluding": "1.5.1.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F615F516-29EF-4C15-9E18-C5D4F6291A38",
"versionEndExcluding": "1.0.0.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD4ED11-4130-47DA-8A9D-55B8F6E3E213",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 3.2.18.2, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una inyecci\u00f3n de comandos por parte de un atacante no autenticado. Esto afecta a CBR750 versiones anteriores a 3.2.18.2, LAX20 versiones anteriores a 1.1.6.28, MK62 versiones anteriores a 1.0.6.116, MR60 versiones anteriores a 1.0.6.116, MS60 versiones anteriores a 1.0.6.116, R6900P versiones anteriores a 1.3.3.140, R7000 versiones anteriores a 1.0.11.126, R7000P versiones anteriores a 1. 3.3.140, R7850 versiones anteriores a 1.0.5.68, R7900 versiones anteriores a 1.0.4.46, R7900P versiones anteriores a 1.4.2.84, R7960P versiones anteriores a 1.4.2.84, R8000 versiones anteriores a 1.0.4.68, R8000P versiones anteriores a 1.4.2.84, RAX15 versiones anteriores a 1.0.3.96, RAX20 versiones anteriores a 1.0.3. 96, RAX200 versiones anteriores a 1.0.4.120, RAX35v2 versiones anteriores a 1.0.3.96, RAX40v2 versiones anteriores a 1.0.3.96, RAX43 versiones anteriores a 1.0.3.96, RAX45 versiones anteriores a 1.0.3.96, RAX50 versiones anteriores a 1.0.3.96, RAX75 versiones anteriores a 1.0.4.120, RAX80 versiones anteriores a 1.0.4. 120, RBK752 versiones anteriores a 3.2.17.12, RBK852 versiones anteriores a 3.2.17.12, RBR750 versiones anteriores a 3.2.17.12, RBR850 versiones anteriores a 3.2.17.12, RBS750 versiones anteriores a 3.2.17.12, RBS850 versiones anteriores a 3.2.17.12, RS400 versiones anteriores a 1.5.1.80 y XR1000 versiones anteriores a 1.0.0.58"
}
],
"id": "CVE-2021-45616",
"lastModified": "2024-11-21T06:32:40.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-26T01:15:18.520",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064527/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064527/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0576"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400 before 1.0.1.70, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7483E92A-5858-49B5-9499-E132941F5ACD",
"versionEndExcluding": "2.5.0.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cbr750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A87D3ACB-B5A3-4F1F-BF46-73C0AD690D8C",
"versionEndExcluding": "4.6.3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cbr750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD14EFC-C6EF-485B-A594-73B8525704A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:eax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA48F47-FC18-4953-BA90-1F4F3695A2BE",
"versionEndExcluding": "1.0.0.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:eax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D3B54B-33C0-4E50-AD2B-2097C612F288",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:eax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC9EE9DE-DD58-46A9-87FB-D284EBE0ACC1",
"versionEndExcluding": "1.0.1.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:eax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97740F5D-063E-424F-A0FE-09EBE1100975",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex7500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EB8CD19-4963-42A8-B9E6-63ED5EC35119",
"versionEndExcluding": "1.0.0.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex7500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44336289-F9DA-4779-8C1A-0221E29E2E2F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48709EA4-81F3-4CF1-B9A8-5379309914B0",
"versionEndExcluding": "1.1.6.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE40C2D0-0863-4E0F-B3E7-6FD043B46467",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mk62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69A79475-37BE-47BD-A629-DCEF22500B0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA438541-75AE-4D6B-AB56-02760D08D465",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2234C485-F411-48CC-9A0B-AA49B6961E38",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F003F064-591C-4D7C-9EC4-D0E553BC6683",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0095B9D4-E161-4050-B283-2166CB86CB24",
"versionEndExcluding": "1.0.4.118",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE6B3A8-0601-44EA-AD9B-3BDDE6654FDF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0702F9B6-2DAC-4308-8737-9F85AD28E847",
"versionEndExcluding": "1.0.4.118",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C88DA385-5FAE-49EC-80D6-78F81E7EEC16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94795476-184B-4E7D-9D8B-ECB45609108E",
"versionEndExcluding": "1.3.3.140",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F1DAD0-F8B8-48D5-B571-C55636B274C3",
"versionEndExcluding": "1.0.11.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A7E8BF-8CC3-4806-89F5-FBE01A36A1FD",
"versionEndExcluding": "1.3.3.140",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF7A1DF8-E9A0-4312-AC37-DEB46E37EE50",
"versionEndExcluding": "1.0.5.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96390A31-03B8-477B-8710-F797CB44E741",
"versionEndExcluding": "1.0.4.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C484840F-AF30-4B5C-821A-4DB9BE407BDB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA344C08-94F1-47F8-9607-3D854B890E19",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33B2293C-09AD-4B5A-B2A0-923E2B9923AA",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D10E41DC-982F-444A-9A4D-82EC2BA64199",
"versionEndExcluding": "1.0.4.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4905D866-2326-487F-AAA5-96ABA0DBD56E",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2268D5EF-E7FA-4112-A468-507417E18FFF",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31289572-2197-4A38-8353-CA4AAD491160",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6334DE4D-E78B-4582-9C6F-6123DA5192C7",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax35v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "841D857C-3387-43E0-A3AF-0E81CBEE3E40",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax35v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9358B2F2-D24E-434D-AEE5-6CE093598793",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax40v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FF0E5B9-8D2D-4A3F-881E-2E3122B3577C",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax40v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEAD12D-6D90-4CFB-9E59-2CEBD400C567",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC89EAA-344C-438E-A5A5-2C34CF699743",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0706367A-3F60-4564-8689-E0A46DDC31C2",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "679C4EC5-D17E-469B-A28F-BF5E231CED3D",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF9F3BA-4239-4F4D-A65E-A6752A5420F6",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "334BB384-5C29-4D24-9F82-B8EE8D0CA8BF",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D90FF3-F5CE-43DF-ACF7-C64DBDCCA185",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A45832BD-114D-42F1-B9F1-7532496D30A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "845C1FCC-F54B-452A-B121-1CD1A7867027",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14F257FE-31CE-4F74-829D-29407D74ADF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AE1767-9D9A-4E9E-B088-6727FACFDE5C",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C13F5C69-FA9B-472A-9036-0C2967BDCDE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01E0EF50-145F-407A-8915-4EFFCD833505",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D92E4C8E-222A-476C-8273-F7171FC61F0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F614A1AB-F0C0-45D7-8D91-ECA3C1AA9165",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B529194C-C440-4BC3-850F-0613FC548F86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC5A075-0619-409C-B057-41015B8C54B3",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "221CA950-E984-44CD-9E1B-3AADE3CEBE52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95AF0FA9-F2C5-4D84-BF37-AA8CB6EC3C4A",
"versionEndExcluding": "1.5.1.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F615F516-29EF-4C15-9E18-C5D4F6291A38",
"versionEndExcluding": "1.0.0.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD4ED11-4130-47DA-8A9D-55B8F6E3E213",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE70236-D1C6-4B58-8385-1FA5F71916AF",
"versionEndExcluding": "1.0.3.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5590CF28-B88A-4755-904B-1BC1778FBEDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA1BB56F-20B5-4A79-AE9D-429A011EAA4C",
"versionEndExcluding": "1.0.1.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400 before 1.0.1.70, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una inyecci\u00f3n de comandos por parte de un atacante no autenticado. Esto afecta a CBR40 versiones anteriores a 2.5.0.24, CBR750 versiones anteriores a 4.6.3.6, EAX20 versiones anteriores a 1.0.0.58, EAX80 versiones anteriores a 1.0.1.68, EX7500 versiones anteriores a 1.0.0.74, LAX20 versiones anteriores a 1.1.6.28, MK62 versiones anteriores a 1.0.6.116, MR60 versiones anteriores a 1.0.6.116, MS60 versiones anteriores a 1.0.6.116, R6400 versiones anteriores a 1.0.1. 70, R6400v2 versiones anteriores a 1.0.4.118, R6700v3 versiones anteriores a 1.0.4.118, R6900P versiones anteriores a 1.3.3.140, R7000 versiones anteriores a 1.0.11.116, R7000P versiones anteriores a 1.3.3.140, R7850 versiones anteriores a 1.0.5.68, R7900 versiones anteriores a 1.0.4.38, R7900P versiones anteriores a 1.4.2.84, R7960P versiones anteriores a 1.4.2.84, R8000 versiones anteriores a 1.0.4. 68, R8000P versiones anteriores a 1.4.2.84, RAX15 versiones anteriores a 1.0.3.96, RAX20 versiones anteriores a 1.0.3.96, RAX200 versiones anteriores a 1.0.4.120, RAX35v2 versiones anteriores a 1.0.3.96, RAX40v2 versiones anteriores a 1.0.3.96, RAX43 versiones anteriores a 1.0.3.96, RAX45 versiones anteriores a 1.0.3.96, RAX50 versiones anteriores a 1.0.3.96, RAX75 versiones anteriores a 1.0.4. 120, RAX80 versiones anteriores a 1.0.4.120, RBK752 versiones anteriores a 3.2.17.12, RBK852 versiones anteriores a 3.2.17.12, RBR750 versiones anteriores a 3.2.17.12, RBR850 versiones anteriores a 3.2.17.12, RBS750 versiones anteriores a 3.2.17.12, RBS850 versiones anteriores a 3.2.17.12, RS400 versiones anteriores a 1.5.1.80, XR1000 versiones anteriores a 1.0.0.58 y XR300 versiones anteriores a 1.0.3.68"
}
],
"id": "CVE-2021-45622",
"lastModified": "2024-11-21T06:32:42.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-26T01:15:18.810",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://kb.netgear.com/000064509/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extender-WiFi-Systems-PSV-2020-0506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://kb.netgear.com/000064509/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extender-WiFi-Systems-PSV-2020-0506"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-15 16:15
Modified
2024-11-21 06:11
Severity ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A65EE9FC-A015-4D92-8DA3-40C8594D843D",
"versionEndExcluding": "1.0.0.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDAA5899-B73C-4690-853E-B5400F034BE1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED72FFCA-F5A8-480D-8A29-C14FFC490B33",
"versionEndExcluding": "1.0.0.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5488D9-651C-4BAB-A141-06B816690D42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8ECBE89E-3C81-470A-80C0-F742D7ABC66D",
"versionEndExcluding": "1.0.0.66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C6DFDB6-1D7A-459A-8D30-FD4900ED718B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18CD63F9-F5F6-4EE0-89B5-0EBA58E25245",
"versionEndExcluding": "1.0.0.66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "305E295C-9C73-4798-A0BE-7973E1EE5EAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7F4455-0A09-49B7-A117-1834F20B9FD1",
"versionEndExcluding": "1.0.1.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58DA0D12-4A91-4063-94C1-5154669BE6D5",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE6B3A8-0601-44EA-AD9B-3BDDE6654FDF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EEB4D53-DD21-4145-B802-3ECC00998CC4",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C88DA385-5FAE-49EC-80D6-78F81E7EEC16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16A433A7-58F9-43F2-A2B1-A9FBEB518328",
"versionEndExcluding": "1.3.3.142",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "047F5F65-909C-4151-A8DF-B3DD7CDEEDEF",
"versionEndExcluding": "1.0.11.128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58DD8137-1332-4EAC-BFC2-1C457E92758C",
"versionEndExcluding": "1.3.3.142",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F445F83B-1CFC-41E9-9446-72E1FCE5A222",
"versionEndExcluding": "1.0.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366FA778-3C2A-42AF-9141-DAD7043B406C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17FF56D6-F2B4-406A-AFFE-B9502E22FFDE",
"versionEndExcluding": "1.0.5.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA344C08-94F1-47F8-9607-3D854B890E19",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33B2293C-09AD-4B5A-B2A0-923E2B9923AA",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A83ECB19-F32A-4413-8B51-3B871F1C2610",
"versionEndExcluding": "1.0.4.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4905D866-2326-487F-AAA5-96ABA0DBD56E",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB34F838-B338-41CC-9EC8-4712C4CF84AE",
"versionEndExcluding": "1.0.2.156",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9B77E7-7439-48C6-989F-5E22CB4D3044",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5D6D75-ADD4-4D61-A54A-4DA0FE9722B9",
"versionEndExcluding": "1.0.2.156",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D5268F-C2DA-4323-A71A-784DAB080D64",
"versionEndExcluding": "1.0.4.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4936DA57-0FEF-4BD1-8075-7DBB144D6C51",
"versionEndExcluding": "1.0.4.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1071E817-2865-4D9A-BAD6-36CDCC86A2D3",
"versionEndExcluding": "1.0.5.132",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax35v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C8EBFE8-A19D-4095-902D-E3DE5FE9B152",
"versionEndExcluding": "1.0.4.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax35v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9358B2F2-D24E-434D-AEE5-6CE093598793",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax38v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "622B679D-8F20-40A2-B8CB-054FCB13DC8E",
"versionEndExcluding": "1.0.4.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax38v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE59D8F1-1883-4C96-8099-AA6B362A8D2B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax40v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E7252E5-A12A-49E7-BFF5-2974FBC876F0",
"versionEndExcluding": "1.0.4.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax40v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEAD12D-6D90-4CFB-9E59-2CEBD400C567",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6786B925-498E-458D-94F4-83F337DE469C",
"versionEndExcluding": "1.0.4.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D83182AB-E726-4371-B092-FA1920408FED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3128D842-33C1-453A-B4BF-F383F7C7A924",
"versionEndExcluding": "1.0.4.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EDFCA49-7EF9-413B-A7CA-7D51CA7D12CB",
"versionEndExcluding": "1.0.4.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78BF9561-75D1-4B7A-ABE3-871D6C647978",
"versionEndExcluding": "1.0.4.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09E50F2A-C46C-4875-84AB-04AA00BFA53F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D36A7666-610A-4C67-AD7D-C4473CC35994",
"versionEndExcluding": "1.0.4.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6B59EE-5B90-4139-8306-B50846BB1EC6",
"versionEndExcluding": "1.0.4.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBB69710-DA7E-4011-A61A-BA40462A041F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6065375D-CB51-403B-B6CD-BBBA53685E08",
"versionEndExcluding": "1.0.5.132",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "324447B4-A3B2-41C7-A003-F7A09C66ACD2",
"versionEndExcluding": "1.0.5.132",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:raxe450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24003AB5-CFB9-4A28-BDBE-2800B5222865",
"versionEndExcluding": "1.0.8.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:raxe450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67D7EC2C-E443-4749-854E-5BC057CA6B06",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:raxe500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "018EFBF6-9AE3-4361-B8E2-A0A4B668295F",
"versionEndExcluding": "1.0.8.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:raxe500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D23ADF0-05B4-4163-9666-3F470FB19E01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95AF0FA9-F2C5-4D84-BF37-AA8CB6EC3C4A",
"versionEndExcluding": "1.5.1.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr3400v3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "836591C8-6B93-4C41-808D-9FF4080A5F51",
"versionEndExcluding": "1.0.1.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr3400v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37F227D8-332F-4D24-BAEA-AA5DB3E3EC95",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr3500lv2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EC77D7-D5B5-48A4-ACF9-7919A7254A31",
"versionEndExcluding": "1.2.0.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr3500lv2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC3F6D58-D900-41B4-8626-58928866208A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE70236-D1C6-4B58-8385-1FA5F71916AF",
"versionEndExcluding": "1.0.3.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5590CF28-B88A-4755-904B-1BC1778FBEDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD93F750-1D77-4E8F-86EB-581C0102474B",
"versionEndExcluding": "1.0.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EEA190-2E9C-4586-BF81-B115532FBA23",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "204E3FEE-153C-46A8-8651-8CF90A37F04D",
"versionEndExcluding": "1.0.0.108",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D30939B-86E3-4C78-9B05-686B4994C8B9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7000v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F21298B-8FEA-4E17-BF38-65F247D6271C",
"versionEndExcluding": "1.0.0.76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7000v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC6BD34-1A2C-4247-A20C-0B44C0F56E0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:dgn2200v4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EDEBC41-D9AA-4822-AC01-CFA4B24A08A6",
"versionEndExcluding": "1.0.0.126",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:dgn2200v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BE59214-C8A1-4337-A54C-E4E8C149B241",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:dc112a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4ECB05-E606-439C-9B67-DB5042FCD50E",
"versionEndExcluding": "1.0.0.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87FFC46-137D-45B8-B437-F15565FB33D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9AC94C-3222-4673-8147-7BD5CBB6FFA9",
"versionEndExcluding": "2.1.3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "673A83EA-E359-4629-8B20-5382C15260B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110."
},
{
"lang": "es",
"value": "Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de los routers NETGEAR versi\u00f3n R6400v2 1.0.4.106_10.0.80. No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad. El fallo espec\u00edfico es presentado en el servicio UPnP, que escucha en el puerto TCP 5000 por defecto. Cuando analiza el encabezado petici\u00f3n uuid, el proceso no comprueba correctamente la longitud de los datos suministrados por el usuario antes de copiarlos en un b\u00fafer de longitud fija en la regi\u00f3n stack de la memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de root. Fue ZDI-CAN-14110"
}
],
"id": "CVE-2021-34991",
"lastModified": "2024-11-21T06:11:39.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-15T16:15:09.547",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1303/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1303/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7100LG before 1.0.0.72, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7483E92A-5858-49B5-9499-E132941F5ACD",
"versionEndExcluding": "2.5.0.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cbr750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCDDC785-6FEC-4D94-86D1-8E55FB0CA6C1",
"versionEndExcluding": "3.2.18.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cbr750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD14EFC-C6EF-485B-A594-73B8525704A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:eax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA48F47-FC18-4953-BA90-1F4F3695A2BE",
"versionEndExcluding": "1.0.0.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:eax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D3B54B-33C0-4E50-AD2B-2097C612F288",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:eax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC9EE9DE-DD58-46A9-87FB-D284EBE0ACC1",
"versionEndExcluding": "1.0.1.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:eax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97740F5D-063E-424F-A0FE-09EBE1100975",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2268D5EF-E7FA-4112-A468-507417E18FFF",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31289572-2197-4A38-8353-CA4AAD491160",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6334DE4D-E78B-4582-9C6F-6123DA5192C7",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax35v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "841D857C-3387-43E0-A3AF-0E81CBEE3E40",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax35v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9358B2F2-D24E-434D-AEE5-6CE093598793",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax40v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FF0E5B9-8D2D-4A3F-881E-2E3122B3577C",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax40v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEAD12D-6D90-4CFB-9E59-2CEBD400C567",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC89EAA-344C-438E-A5A5-2C34CF699743",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0706367A-3F60-4564-8689-E0A46DDC31C2",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "679C4EC5-D17E-469B-A28F-BF5E231CED3D",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF9F3BA-4239-4F4D-A65E-A6752A5420F6",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "334BB384-5C29-4D24-9F82-B8EE8D0CA8BF",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D90FF3-F5CE-43DF-ACF7-C64DBDCCA185",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A45832BD-114D-42F1-B9F1-7532496D30A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "845C1FCC-F54B-452A-B121-1CD1A7867027",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14F257FE-31CE-4F74-829D-29407D74ADF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AE1767-9D9A-4E9E-B088-6727FACFDE5C",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C13F5C69-FA9B-472A-9036-0C2967BDCDE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01E0EF50-145F-407A-8915-4EFFCD833505",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D92E4C8E-222A-476C-8273-F7171FC61F0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F614A1AB-F0C0-45D7-8D91-ECA3C1AA9165",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B529194C-C440-4BC3-850F-0613FC548F86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC5A075-0619-409C-B057-41015B8C54B3",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "221CA950-E984-44CD-9E1B-3AADE3CEBE52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95AF0FA9-F2C5-4D84-BF37-AA8CB6EC3C4A",
"versionEndExcluding": "1.5.1.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F615F516-29EF-4C15-9E18-C5D4F6291A38",
"versionEndExcluding": "1.0.0.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD4ED11-4130-47DA-8A9D-55B8F6E3E213",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE70236-D1C6-4B58-8385-1FA5F71916AF",
"versionEndExcluding": "1.0.3.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5590CF28-B88A-4755-904B-1BC1778FBEDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A65EE9FC-A015-4D92-8DA3-40C8594D843D",
"versionEndExcluding": "1.0.0.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDAA5899-B73C-4690-853E-B5400F034BE1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED72FFCA-F5A8-480D-8A29-C14FFC490B33",
"versionEndExcluding": "1.0.0.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5488D9-651C-4BAB-A141-06B816690D42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B9DB22D-0775-48CE-A97D-BA3B5873C9F8",
"versionEndExcluding": "1.0.0.64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C6DFDB6-1D7A-459A-8D30-FD4900ED718B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F747A14B-5331-428E-8B53-724090554E07",
"versionEndExcluding": "1.0.0.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "305E295C-9C73-4798-A0BE-7973E1EE5EAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2826A7E-990D-455A-8B16-CBCCC4633B97",
"versionEndExcluding": "1.0.1.104",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F45B620-60B8-40F3-A055-181ADD71EFFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ex7500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EB8CD19-4963-42A8-B9E6-63ED5EC35119",
"versionEndExcluding": "1.0.0.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex7500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44336289-F9DA-4779-8C1A-0221E29E2E2F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48709EA4-81F3-4CF1-B9A8-5379309914B0",
"versionEndExcluding": "1.1.6.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA438541-75AE-4D6B-AB56-02760D08D465",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2234C485-F411-48CC-9A0B-AA49B6961E38",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F003F064-591C-4D7C-9EC4-D0E553BC6683",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6300v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E00ABB7-A3E9-4E41-82CB-3AADC276C3AC",
"versionEndExcluding": "1.0.4.52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6300v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7909744D-FE9B-49D1-ADB3-029CCC432A47",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA1BB56F-20B5-4A79-AE9D-429A011EAA4C",
"versionEndExcluding": "1.0.1.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95F7AFD-13E8-49B7-BA80-D8BC61C254FE",
"versionEndExcluding": "1.0.4.106",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE6B3A8-0601-44EA-AD9B-3BDDE6654FDF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A33291E-18F7-452C-A5EF-7B3C2D087704",
"versionEndExcluding": "1.0.4.106",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6700v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C88DA385-5FAE-49EC-80D6-78F81E7EEC16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94795476-184B-4E7D-9D8B-ECB45609108E",
"versionEndExcluding": "1.3.3.140",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E06EFF-9D71-43DB-A304-9A41998FD68A",
"versionEndExcluding": "1.0.11.126",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A7E8BF-8CC3-4806-89F5-FBE01A36A1FD",
"versionEndExcluding": "1.3.3.140",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F445F83B-1CFC-41E9-9446-72E1FCE5A222",
"versionEndExcluding": "1.0.0.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366FA778-3C2A-42AF-9141-DAD7043B406C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8491F80C-E57A-4862-B969-F43799A47D06",
"versionEndExcluding": "1.0.5.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4195BC65-A849-4C3A-B726-E013CEB57F32",
"versionEndExcluding": "1.0.4.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C484840F-AF30-4B5C-821A-4DB9BE407BDB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A662FDCF-DC41-4DC9-B77E-BE1D636AC0B3",
"versionEndExcluding": "1.0.4.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4905D866-2326-487F-AAA5-96ABA0DBD56E",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68D7FF2D-210A-4B16-B871-394413F64F3A",
"versionEndExcluding": "1.0.2.154",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9B77E7-7439-48C6-989F-5E22CB4D3044",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45ADC486-2457-496D-B887-EAAB9833E160",
"versionEndExcluding": "1.0.2.154",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA344C08-94F1-47F8-9607-3D854B890E19",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33B2293C-09AD-4B5A-B2A0-923E2B9923AA",
"versionEndExcluding": "1.4.2.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7100LG before 1.0.0.72, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una inyecci\u00f3n de comandos por parte de un atacante no autenticado. Esto afecta a CBR40 versiones anteriores a 2.5.0.24, CBR750 versiones anteriores a 3.2.18.2, EAX20 versiones anteriores a 1.0.0.58, EAX80 versiones anteriores a 1.0.1.68, EX3700 versiones anteriores a 1.0.0.94, EX3800 versiones anteriores a 1.0.0. 94, EX6120 versiones anteriores a 1.0.0.64, EX6130 versiones anteriores a 1.0.0.44, EX7000 versiones anteriores a 1.0.1.104, EX7500 versiones anteriores a 1.0.0.74, LAX20 versiones anteriores a 1.1.6.28, MR60 versiones anteriores a 1.0.6.116, MS60 versiones anteriores a 1.0. 6.116, R6300v2 versiones anteriores a 1.0.4.52, R6400 versiones anteriores a 1.0.1.70, R6400v2 versiones anteriores a 1.0.4.106, R6700v3 versiones anteriores a 1.0.4.106, R6900P versiones anteriores a 1.3.3.140, R7000 versiones anteriores a 1.0.11. 126, R7000P versiones anteriores a 1.3.3.140, R7100LG versiones anteriores a 1.0.0.72, R7850 versiones anteriores a 1.0.5.74, R7900 versiones anteriores a 1.0.4.46, R7900P versiones anteriores a 1.4.2.84, R7960P versiones anteriores a 1.4.2.84, R8000 versiones anteriores a 1. 0.4.74, R8000P versiones anteriores a 1.4.2.84, R8300 versiones anteriores a 1.0.2.154, R8500 versiones anteriores a 1.0.2.154, RAX15 versiones anteriores a 1.0.3.96, RAX20 versiones anteriores a 1.0.3.96, RAX200 versiones anteriores a 1.0.4. 120, RAX35v2 versiones anteriores a 1.0.3.96, RAX40v2 versiones anteriores a 1.0.3.96, RAX43 versiones anteriores a 1.0.3.96, RAX45 versiones anteriores a 1.0.3.96, RAX50 versiones anteriores a 1.0.3.96, RAX75 versiones anteriores a 1.0.4.120, RAX80 versiones anteriores a 1. 0.4.120, RBK752 versiones anteriores a 3.2.17.12, RBK852 versiones anteriores a 3.2.17.12, RBK852 versiones anteriores a 3.2.17.12, RBR750 versiones anteriores a 3.2.17.12, RBR850 versiones anteriores a 3.2.17.12, RBR850 versiones anteriores a 3.2. 17.12, RBS750 versiones anteriores a 3.2.17.12, RBS850 versiones anteriores a 3.2.17.12, RBS850 versiones anteriores a 3.2.17.12, RS400 versiones anteriores a 1.5.1.80, XR1000 versiones anteriores a 1.0.0.58 y XR300 versiones anteriores a 1.0.3.68"
}
],
"id": "CVE-2021-45621",
"lastModified": "2024-11-21T06:32:41.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-26T01:15:18.757",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064523/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064523/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0562"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-55 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-55 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | rax43_firmware | 1.0.3.96 | |
| netgear | rax43 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax43_firmware:1.0.3.96:*:*:*:*:*:*:*",
"matchCriteriaId": "411B548E-2E7F-4791-A75C-694AD7614E39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton."
},
{
"lang": "es",
"value": "Netgear RAX43 versi\u00f3n 1.0.3.96, contiene una vulnerabilidad de desbordamiento de b\u00fafer. La funcionalidad URL parsing en el endpoint cgi-bin del enrutador contiene un problema de desbordamiento del b\u00fafer que puede redirigir el flujo de control de la aplicaci\u00f3n."
}
],
"id": "CVE-2021-20166",
"lastModified": "2024-11-21T05:46:03.047",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-30T22:15:09.410",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user. These default credentials are admin:admin.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-55 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-55 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | rax43_firmware | 1.0.3.96 | |
| netgear | rax43 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax43_firmware:1.0.3.96:*:*:*:*:*:*:*",
"matchCriteriaId": "411B548E-2E7F-4791-A75C-694AD7614E39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user. These default credentials are admin:admin."
},
{
"lang": "es",
"value": "Netgear RAX43 versi\u00f3n 1.0.3.96, no presenta suficientes protecciones para la interfaz UART. Un actor malicioso con acceso f\u00edsico al dispositivo es capaz de conectarse al puerto UART por medio de una conexi\u00f3n serie, iniciar sesi\u00f3n con credenciales por defecto y ejecutar comandos como usuario root. Estas credenciales por defecto son admin:admin."
}
],
"id": "CVE-2021-20168",
"lastModified": "2024-11-21T05:46:03.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-30T22:15:09.507",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-55 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-55 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | rax43_firmware | 1.0.3.96 | |
| netgear | rax43 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax43_firmware:1.0.3.96:*:*:*:*:*:*:*",
"matchCriteriaId": "411B548E-2E7F-4791-A75C-694AD7614E39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device\u0027s associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device."
},
{
"lang": "es",
"value": "Netgear RAX43 versi\u00f3n 1.0.3.96, almacena informaci\u00f3n confidencial en texto plano. Todos los nombres de usuario y contrase\u00f1as de los servicios asociados al dispositivo se almacenan en texto plano en el dispositivo. Por ejemplo, la contrase\u00f1a de administrador se almacena en texto plano en el archivo de configuraci\u00f3n principal del dispositivo."
}
],
"id": "CVE-2021-20171",
"lastModified": "2024-11-21T05:46:03.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-30T22:15:09.657",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d7000v2_firmware | * | |
| netgear | d7000v2 | - | |
| netgear | lax20_firmware | * | |
| netgear | lax20 | - | |
| netgear | mk62_firmware | * | |
| netgear | mk62 | - | |
| netgear | mr60_firmware | * | |
| netgear | mr60 | - | |
| netgear | ms60_firmware | * | |
| netgear | ms60 | - | |
| netgear | rax15_firmware | * | |
| netgear | rax15 | - | |
| netgear | rax20_firmware | * | |
| netgear | rax20 | - | |
| netgear | rax200_firmware | * | |
| netgear | rax200 | - | |
| netgear | rax45_firmware | * | |
| netgear | rax45 | - | |
| netgear | rax50_firmware | * | |
| netgear | rax50 | - | |
| netgear | rax43_firmware | * | |
| netgear | rax43 | - | |
| netgear | rax40v2_firmware | * | |
| netgear | rax40v2 | - | |
| netgear | rax35v2_firmware | * | |
| netgear | rax35v2 | - | |
| netgear | rax75_firmware | * | |
| netgear | rax75 | - | |
| netgear | rax80_firmware | * | |
| netgear | rax80 | - | |
| netgear | rbk752_firmware | * | |
| netgear | rbk752 | - | |
| netgear | rbr750_firmware | * | |
| netgear | rbr750 | - | |
| netgear | rbs750_firmware | * | |
| netgear | rbs750 | - | |
| netgear | rbk852_firmware | * | |
| netgear | rbk852 | - | |
| netgear | rbr850_firmware | * | |
| netgear | rbr850 | - | |
| netgear | rbs850_firmware | * | |
| netgear | rbs850 | - | |
| netgear | xr1000_firmware | * | |
| netgear | xr1000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7000v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D1C234-22F1-4837-9D04-059170A97072",
"versionEndExcluding": "1.0.0.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7000v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC6BD34-1A2C-4247-A20C-0B44C0F56E0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48709EA4-81F3-4CF1-B9A8-5379309914B0",
"versionEndExcluding": "1.1.6.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE40C2D0-0863-4E0F-B3E7-6FD043B46467",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mk62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69A79475-37BE-47BD-A629-DCEF22500B0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA438541-75AE-4D6B-AB56-02760D08D465",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2234C485-F411-48CC-9A0B-AA49B6961E38",
"versionEndExcluding": "1.0.6.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F003F064-591C-4D7C-9EC4-D0E553BC6683",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2268D5EF-E7FA-4112-A468-507417E18FFF",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31289572-2197-4A38-8353-CA4AAD491160",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6334DE4D-E78B-4582-9C6F-6123DA5192C7",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0706367A-3F60-4564-8689-E0A46DDC31C2",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "679C4EC5-D17E-469B-A28F-BF5E231CED3D",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC89EAA-344C-438E-A5A5-2C34CF699743",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax40v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FF0E5B9-8D2D-4A3F-881E-2E3122B3577C",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax40v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEAD12D-6D90-4CFB-9E59-2CEBD400C567",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax35v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "841D857C-3387-43E0-A3AF-0E81CBEE3E40",
"versionEndExcluding": "1.0.3.96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax35v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9358B2F2-D24E-434D-AEE5-6CE093598793",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF9F3BA-4239-4F4D-A65E-A6752A5420F6",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "334BB384-5C29-4D24-9F82-B8EE8D0CA8BF",
"versionEndExcluding": "1.0.4.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D90FF3-F5CE-43DF-ACF7-C64DBDCCA185",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A45832BD-114D-42F1-B9F1-7532496D30A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AE1767-9D9A-4E9E-B088-6727FACFDE5C",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C13F5C69-FA9B-472A-9036-0C2967BDCDE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F614A1AB-F0C0-45D7-8D91-ECA3C1AA9165",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B529194C-C440-4BC3-850F-0613FC548F86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "845C1FCC-F54B-452A-B121-1CD1A7867027",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14F257FE-31CE-4F74-829D-29407D74ADF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01E0EF50-145F-407A-8915-4EFFCD833505",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D92E4C8E-222A-476C-8273-F7171FC61F0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC5A075-0619-409C-B057-41015B8C54B3",
"versionEndExcluding": "3.2.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "221CA950-E984-44CD-9E1B-3AADE3CEBE52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F615F516-29EF-4C15-9E18-C5D4F6291A38",
"versionEndExcluding": "1.0.0.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD4ED11-4130-47DA-8A9D-55B8F6E3E213",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una inyecci\u00f3n de comandos por parte de un atacante no autenticado. Esto afecta a D7000v2 versiones anteriores a 1.0.0.74, LAX20 versiones anteriores a 1.1.6.28, MK62 versiones anteriores a 1.0.6.116, MR60 versiones anteriores a 1.0.6.116, MS60 versiones anteriores a 1.0.6. 116, RAX15 versiones anteriores a 1.0.3.96, RAX20 versiones anteriores a 1.0.3.96, RAX200 versiones anteriores a 1.0.4.120, RAX45 versiones anteriores a 1.0.3.96, RAX50 versiones anteriores a 1.0.3.96, RAX43 versiones anteriores a 1.0.3. 96, RAX40v2 versiones anteriores a 1.0.3.96, RAX35v2 versiones anteriores a 1.0.3.96, RAX75 versiones anteriores a 1.0.4.120, RAX80 versiones anteriores a 1.0.4.120, RBK752 versiones anteriores a 3.2.17.12, RBR750 versiones anteriores a 3. 2.17.12, RBS750 versiones anteriores a 3.2.17.12, RBK852 versiones anteriores a 3.2.17.12, RBR850 versiones anteriores a 3.2.17.12, RBS850 versiones anteriores a 3.2.17.12 y XR1000 versiones anteriores a 1.0.0.58"
}
],
"id": "CVE-2021-45614",
"lastModified": "2024-11-21T06:32:40.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-26T01:15:18.427",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064141/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064141/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0520"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2021-45612
Vulnerability from cvelistv5
Published
2021-12-26 00:36
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:47:00.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000064515/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Router-Extenders-and-WiFi-Systems-PSV-2020-0524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T00:36:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000064515/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Router-Extenders-and-WiFi-Systems-PSV-2020-0524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000064515/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Router-Extenders-and-WiFi-Systems-PSV-2020-0524",
"refsource": "MISC",
"url": "https://kb.netgear.com/000064515/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Router-Extenders-and-WiFi-Systems-PSV-2020-0524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45612",
"datePublished": "2021-12-26T00:36:39",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:47:00.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45614
Vulnerability from cvelistv5
Published
2021-12-26 00:36
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:47:02.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000064141/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0520"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T00:36:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000064141/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0520"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000064141/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0520",
"refsource": "MISC",
"url": "https://kb.netgear.com/000064141/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0520"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45614",
"datePublished": "2021-12-26T00:36:20",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:47:02.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45549
Vulnerability from cvelistv5
Published
2021-12-26 00:52
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:47:00.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000064513/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0517"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T00:52:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000064513/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0517"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000064513/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0517",
"refsource": "MISC",
"url": "https://kb.netgear.com/000064513/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0517"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45549",
"datePublished": "2021-12-26T00:52:27",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:47:00.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45620
Vulnerability from cvelistv5
Published
2021-12-26 00:35
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MR80 before 1.1.2.20, MS60 before 1.0.6.116, MS80 before 1.1.2.20, MK62 before 1.0.6.116, MK83 before 1.1.2.20, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:47:01.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000064510/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0509"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MR80 before 1.1.2.20, MS60 before 1.0.6.116, MS80 before 1.1.2.20, MK62 before 1.0.6.116, MK83 before 1.1.2.20, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T00:35:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000064510/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0509"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MR80 before 1.1.2.20, MS60 before 1.0.6.116, MS80 before 1.1.2.20, MK62 before 1.0.6.116, MK83 before 1.1.2.20, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000064510/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0509",
"refsource": "MISC",
"url": "https://kb.netgear.com/000064510/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0509"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45620",
"datePublished": "2021-12-26T00:35:01",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:47:01.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-27642
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2025-02-18 17:49
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-518/"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T17:49:46.824954Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T17:49:51.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "R6700v3",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "1.0.4.120_10.0.91"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bugscale team"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-518/"
},
{
"url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-27642",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-03-22T00:00:00.000Z",
"dateUpdated": "2025-02-18T17:49:51.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45613
Vulnerability from cvelistv5
Published
2021-12-26 00:36
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, MR80 before 1.1.2.20, MS80 before 1.1.2.20, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:47:01.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000064138/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0508"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, MR80 before 1.1.2.20, MS80 before 1.1.2.20, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T00:36:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000064138/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0508"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, MR80 before 1.1.2.20, MS80 before 1.1.2.20, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000064138/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0508",
"refsource": "MISC",
"url": "https://kb.netgear.com/000064138/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0508"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45613",
"datePublished": "2021-12-26T00:36:29",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:47:01.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20167
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2021-55 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Netgear RAX43 |
Version: 1.0.3.96 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netgear RAX43",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.0.3.96"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-30T21:31:17",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2021-20167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netgear RAX43",
"version": {
"version_data": [
{
"version_value": "1.0.3.96"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2021-55",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2021-20167",
"datePublished": "2021-12-30T21:31:17",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34991
Vulnerability from cvelistv5
Published
2021-11-15 15:40
Modified
2024-08-04 00:26
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1303/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "R6400v2",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "1.0.4.106_10.0.80"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "anonymous"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-13T21:44:43",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1303/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-34991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "R6400v2",
"version": {
"version_data": [
{
"version_value": "1.0.4.106_10.0.80"
}
]
}
}
]
},
"vendor_name": "NETGEAR"
}
]
}
},
"credit": "anonymous",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1303/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1303/"
},
{
"name": "https://kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168",
"refsource": "MISC",
"url": "https://kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34991",
"datePublished": "2021-11-15T15:40:16",
"dateReserved": "2021-06-17T00:00:00",
"dateUpdated": "2024-08-04T00:26:55.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20166
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2021-55 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Netgear RAX43 |
Version: 1.0.3.96 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netgear RAX43",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.0.3.96"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overrun",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-30T21:31:16",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2021-20166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netgear RAX43",
"version": {
"version_data": [
{
"version_value": "1.0.3.96"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overrun"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2021-55",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2021-20166",
"datePublished": "2021-12-30T21:31:16",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20169
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2021-55 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Netgear RAX43 |
Version: 1.0.3.96 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netgear RAX43",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.0.3.96"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Controls",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-30T21:31:18",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2021-20169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netgear RAX43",
"version": {
"version_data": [
{
"version_value": "1.0.3.96"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2021-55",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2021-20169",
"datePublished": "2021-12-30T21:31:18",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20171
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2021-55 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Netgear RAX43 |
Version: 1.0.3.96 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netgear RAX43",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.0.3.96"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device\u0027s associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Plaintext Passwords",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-30T21:31:15",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2021-20171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netgear RAX43",
"version": {
"version_data": [
{
"version_value": "1.0.3.96"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device\u0027s associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Plaintext Passwords"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2021-55",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2021-20171",
"datePublished": "2021-12-30T21:31:15",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20168
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user. These default credentials are admin:admin.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2021-55 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Netgear RAX43 |
Version: 1.0.3.96 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netgear RAX43",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.0.3.96"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user. These default credentials are admin:admin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Controls",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-30T21:31:17",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2021-20168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netgear RAX43",
"version": {
"version_data": [
{
"version_value": "1.0.3.96"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user. These default credentials are admin:admin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2021-55",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2021-20168",
"datePublished": "2021-12-30T21:31:17",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45616
Vulnerability from cvelistv5
Published
2021-12-26 00:35
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 3.2.18.2, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:47:01.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000064527/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0576"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 3.2.18.2, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T00:35:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000064527/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0576"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 3.2.18.2, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000064527/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0576",
"refsource": "MISC",
"url": "https://kb.netgear.com/000064527/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0576"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45616",
"datePublished": "2021-12-26T00:35:57",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:47:01.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45604
Vulnerability from cvelistv5
Published
2021-12-26 00:38
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D6400 before 1.0.0.102, D8500 before 1.0.3.60, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:47:01.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000064526/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2020-0572"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D6400 before 1.0.0.102, D8500 before 1.0.3.60, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:N/I:N/PR:H/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T00:38:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000064526/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2020-0572"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D6400 before 1.0.0.102, D8500 before 1.0.3.60, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:N/I:N/PR:H/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000064526/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2020-0572",
"refsource": "MISC",
"url": "https://kb.netgear.com/000064526/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2020-0572"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45604",
"datePublished": "2021-12-26T00:38:12",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:47:01.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45621
Vulnerability from cvelistv5
Published
2021-12-26 00:34
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7100LG before 1.0.0.72, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:47:01.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000064523/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0562"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7100LG before 1.0.0.72, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T00:34:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000064523/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0562"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7100LG before 1.0.0.72, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000064523/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0562",
"refsource": "MISC",
"url": "https://kb.netgear.com/000064523/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0562"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45621",
"datePublished": "2021-12-26T00:34:50",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:47:01.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-27645
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2025-02-18 17:47
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-522/"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T17:47:46.916392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T17:47:52.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "R6700v3",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "1.0.4.120_10.0.91"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Xin\u0027an Zhou, Xiaochen Zou, Zhiyun Qian (from the team NullRiver)"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-28T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-522/"
},
{
"url": "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-27645",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-03-22T00:00:00.000Z",
"dateUpdated": "2025-02-18T17:47:52.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45622
Vulnerability from cvelistv5
Published
2021-12-26 00:34
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400 before 1.0.1.70, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:47:01.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000064509/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extender-WiFi-Systems-PSV-2020-0506"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400 before 1.0.1.70, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T00:34:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000064509/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extender-WiFi-Systems-PSV-2020-0506"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400 before 1.0.1.70, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000064509/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extender-WiFi-Systems-PSV-2020-0506",
"refsource": "MISC",
"url": "https://kb.netgear.com/000064509/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extender-WiFi-Systems-PSV-2020-0506"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45622",
"datePublished": "2021-12-26T00:34:41",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:47:01.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20170
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password (RAX50w!a4udk). By unzipping the configuration using this password, a user can reconfigure settings not intended to be manipulated, re-zip the configuration, and restore a backup causing these settings to be changed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2021-55 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Netgear RAX43 |
Version: 1.0.3.96 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netgear RAX43",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.0.3.96"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password (RAX50w!a4udk). By unzipping the configuration using this password, a user can reconfigure settings not intended to be manipulated, re-zip the configuration, and restore a backup causing these settings to be changed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hardcoded Credential",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-30T21:31:15",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2021-20170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netgear RAX43",
"version": {
"version_data": [
{
"version_value": "1.0.3.96"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password (RAX50w!a4udk). By unzipping the configuration using this password, a user can reconfigure settings not intended to be manipulated, re-zip the configuration, and restore a backup causing these settings to be changed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hardcoded Credential"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2021-55",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2021-20170",
"datePublished": "2021-12-30T21:31:15",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-27647
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2025-02-18 17:41
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-524/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T17:40:25.890386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T17:41:07.125Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "R6700v3",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "1.0.4.120_10.0.91"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bugscale team"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-524/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-27647",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-03-22T00:00:00.000Z",
"dateUpdated": "2025-02-18T17:41:07.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}