Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

Related CPE's

o

netgear

rbk852_firmware

Vulnerable

h

netgear

rbk852

-

o

netgear

rbk853_firmware

Vulnerable

h

netgear

rbk853

-

o

netgear

rbk854_firmware

Vulnerable

h

netgear

rbk854

-

o

netgear

rbr850_firmware

Vulnerable

h

netgear

rbr850

-

o

netgear

rbs850_firmware

Vulnerable

h

netgear

rbs850

-

o

netgear

rbk752_firmware

Vulnerable

h

netgear

rbk752

-

o

netgear

rbk753_firmware

Vulnerable

h

netgear

rbk753

-

o

netgear

rbk753s_firmware

Vulnerable

h

netgear

rbk753s

-

o

netgear

rbk754_firmware

Vulnerable

h

netgear

rbk754

-

o

netgear

rbr750_firmware

Vulnerable

h

netgear

rbr750

-

o

netgear

rbs750_firmware

Vulnerable

h

netgear

rbs750

-

References

https://kb.netgear.com/000063009/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0511

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-77

CVSS impact metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.6 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-03-23T07:15:14.077

4 years ago

Last modified

2021-03-24T19:35:13.467

4 years ago