Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBR752 before 3.2.17.12, RBR753 before 3.2.17.12, RBR753S before 3.2.17.12, RBR754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

Related CPE's

o

netgear

rbk852_firmware

Vulnerable

h

netgear

rbk852

-

o

netgear

rbk853_firmware

Vulnerable

h

netgear

rbk853

-

o

netgear

rbk854_firmware

Vulnerable

h

netgear

rbk854

-

o

netgear

rbr850_firmware

Vulnerable

h

netgear

rbr850

-

o

netgear

rbs850_firmware

Vulnerable

h

netgear

rbs850

-

o

netgear

rbr752_firmware

Vulnerable

h

netgear

rbr752

-

o

netgear

rbr753_firmware

Vulnerable

h

netgear

rbr753

-

o

netgear

rbr753s_firmware

Vulnerable

h

netgear

rbr753s

-

o

netgear

rbr754_firmware

Vulnerable

h

netgear

rbr754

-

o

netgear

rbr750_firmware

Vulnerable

h

netgear

rbr750

-

o

netgear

rbs750_firmware

Vulnerable

h

netgear

rbs750

-

References

https://kb.netgear.com/000063008/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0476

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-77

CVSS impact metrics

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-03-23T07:15:13.560

4 years ago

Last modified

2021-03-24T19:40:11.363

4 years ago