Command Injection Vulnerability in NETGEAR Routers and Extenders
CVE-2021-45618

9.6CRITICAL

Key Information:

Vendor: Netgear
Status: D7800 Firmware
Vendor: CVE Published:; 26 December 2021

Summary

Certain NETGEAR devices are susceptible to a command injection attack due to improper validation of user-supplied input. An unauthenticated attacker can exploit this vulnerability to execute arbitrary commands, potentially compromising the affected router or extender. This affects a range of NETGEAR models that have not received firmware updates, emphasizing the importance of keeping device software up to date to safeguard against such attacks.

References

https://kb.netgear.com/000064490/Security-Advisory-for-Pr...

x_refsource_MISC

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 26, 2021
Vulnerability Reserved
Dec 25, 2021