CVE-2021-29069

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76.

Related CPE's

o netgear xr450_firmware ********

h netgear xr450 -*******

o netgear xr500_firmware ********

h netgear xr500 -*******

o netgear wnr2000v5_firmware ********

h netgear wnr2000v5 -*******

References

https://kb.netgear.com/000063023/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2020-0595

Vendor Advisory

CvssV3 impact

BaseSeverity	HIGH
ConfidentialityImpact	HIGH
AttackComplexity	LOW
Scope	CHANGED
AttackVector	ADJACENT_NETWORK
AvailabilityImpact	HIGH
IntegrityImpact	HIGH
PrivilegesRequired	HIGH
BaseScore	8.4
VectorString	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Version	3.1
UserInteraction	NONE

CvssV2 impact

AccessComplexity	LOW
ConfidentialityImpact	PARTIAL
AvailabilityImpact	PARTIAL
IntegrityImpact	PARTIAL
BaseScore	5.2
VectorString	AV:A/AC:L/Au:S/C:P/I:P/A:P
Version	2.0
AccessVector	ADJACENT_NETWORK
Authentication	SINGLE