What is CVE-2021-38528?

CVE-2021-38528 is a vulnerability that affects certain NETGEAR devices, allowing unauthenticated attackers to execute commands.

What is the severity level of CVE-2021-38528?

CVE-2021-38528 has a severity level of 9.8 (Critical).

How can an unauthenticated attacker exploit CVE-2021-38528?

An unauthenticated attacker can exploit CVE-2021-38528 by injecting malicious commands into certain NETGEAR devices.

Is there a fix available for CVE-2021-38528?

Yes, NETGEAR has released firmware updates to address and mitigate the CVE-2021-38528 vulnerability.

Vulnerability/
CVE-2021-38528

critical

CWE

11/8/2021

4/8/2024

CVE-2021-38528: Command Injection

Q: Which NETGEAR devices are affected by CVE-2021-38528?

NETGEAR devices D8500 (before 1.0.3.58), R6900P (before 1.3.2.132), R7000P (before 1.3.2.132), R7100LG (before 1.0.0.64), WNDR3400v3 (before 1.0.1.38), and XR300 (before 1.0.3.56) are affected by CVE-2021-38528.

First published: Wed Aug 11 2021(Updated: )

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6900P before 1.3.2.132, R7000P before 1.3.2.132, R7100LG before 1.0.0.64, WNDR3400v3 before 1.0.1.38, and XR300 before 1.0.3.56.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Netgear D8500 Firmware	<1.0.3.58
Netgear D8500
Netgear R6900p Firmware	<1.3.2.132
Netgear R6900P
Netgear R7000p Firmware	<1.3.2.132
Netgear R7000P
Netgear R7100lg Firmware	<1.0.0.64
Netgear R7100LG
Netgear Wndr3400 Firmware	<1.0.1.38
NETGEAR Multiple Routers	=v3
Netgear Xr300 Firmware	<1.0.3.56
Netgear XR300

Never miss a vulnerability like this again

Reference Links

https://kb.netgear.com/000063781/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Gateways-and-Routers-PSV-2020-0297

Frequently Asked Questions

What is CVE-2021-38528?
CVE-2021-38528 is a vulnerability that affects certain NETGEAR devices, allowing unauthenticated attackers to execute commands.
Which NETGEAR devices are affected by CVE-2021-38528?
NETGEAR devices D8500 (before 1.0.3.58), R6900P (before 1.3.2.132), R7000P (before 1.3.2.132), R7100LG (before 1.0.0.64), WNDR3400v3 (before 1.0.1.38), and XR300 (before 1.0.3.56) are affected by CVE-2021-38528.
What is the severity level of CVE-2021-38528?
CVE-2021-38528 has a severity level of 9.8 (Critical).
How can an unauthenticated attacker exploit CVE-2021-38528?
An unauthenticated attacker can exploit CVE-2021-38528 by injecting malicious commands into certain NETGEAR devices.
Is there a fix available for CVE-2021-38528?
Yes, NETGEAR has released firmware updates to address and mitigate the CVE-2021-38528 vulnerability.

collector/nvd-index
agent/references
agent/severity
agent/author
agent/event
agent/tags
agent/weakness
agent/type
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/netgear
canonical/netgear d8500 firmware
canonical/netgear d8500
canonical/netgear r6900p firmware
canonical/netgear r6900p
canonical/netgear r7000p firmware
canonical/netgear r7000p
canonical/netgear r7100lg firmware
canonical/netgear r7100lg
canonical/netgear wndr3400 firmware
canonical/netgear multiple routers
version/netgear multiple routers/v3
canonical/netgear xr300 firmware
canonical/netgear xr300

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.