CVE-2021-38529: Command Injection
First published: Wed Aug 11 2021(Updated: )
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgear D7800 Firmware | <1.0.1.56 | |
| Netgear D7800 | ||
| NETGEAR R7800 firmware | <1.0.2.68 | |
| NETGEAR R7800 | ||
| Netgear R8900 Firmware | <1.0.4.26 | |
| NETGEAR R8900 | ||
| Netgear R9000 Firmware | <1.0.4.26 | |
| NETGEAR R9000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
Which devices are affected by CVE-2021-38529?
Netgear D7800 Firmware before 1.0.1.56, NETGEAR R7800 firmware before 1.0.2.68, Netgear R8900 Firmware before 1.0.4.26, and Netgear R9000 Firmware before 1.0.4.26.
What is the severity level of CVE-2021-38529?
The severity level of CVE-2021-38529 is critical (9.8).
How can an unauthenticated attacker exploit CVE-2021-38529?
An unauthenticated attacker can exploit CVE-2021-38529 by injecting malicious commands.
Is CVE-2021-38529 a remote vulnerability?
Yes, CVE-2021-38529 is a remote vulnerability.
Where can I find more information about CVE-2021-38529?
You can find more information about CVE-2021-38529 at the following reference: https://kb.netgear.com/000063765/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0616