CVE-2021-29071 | Severity.io

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBR752 before 3.2.17.12, RBR753 before 3.2.17.12, RBR753S before 3.2.17.12, RBR754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

Related CPE's

rbk852_firmware

Vulnerable

rbk853_firmware

Vulnerable

rbk854_firmware

Vulnerable

rbr850_firmware

Vulnerable

rbs850_firmware

Vulnerable

rbr752_firmware

Vulnerable

rbr753_firmware

Vulnerable

rbr753s_firmware

Vulnerable

rbr754_firmware

Vulnerable

rbr750_firmware

Vulnerable

rbs750_firmware

Vulnerable

References

https://kb.netgear.com/000063008/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0476

Vendor Advisory

https://kb.netgear.com/000063008/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0476

Vendor Advisory

Weaknesses

[email protected]

Primary

CWE-77

CVSS impact metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.6 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-03-23T06:15:13.560Z

5 years ago

Last modified

2024-11-21T05:00:38.910Z

1 year ago