Server-Side Injection Vulnerability in NETGEAR R6400 Product
CVE-2021-45655

6.9MEDIUM

Key Information:

Vendor: Netgear
Status: R6400 Firmware
Vendor: CVE Published:; 26 December 2021

What is CVE-2021-45655?

NETGEAR R6400 devices are susceptible to a server-side injection vulnerability present in firmware versions prior to 1.0.1.70. This flaw can potentially allow an attacker to send malicious input to the server, which might be processed improperly, leading to unauthorized actions within the affected system. To mitigate this risk, it's crucial to update to the latest firmware version as recommended by NETGEAR. Regularly checking for firmware updates can significantly enhance your network security.

References

https://kb.netgear.com/000064069/Security-Advisory-for-Se...

x_refsource_MISC

CVSS V3.1

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 26, 2021
Vulnerability Reserved
Dec 25, 2021

Netgear

What is CVE-2021-45655?

References

CVSS V3.1

Timeline