CVE-2021-45552: Command Injection
First published: Sun Dec 26 2021(Updated: )
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.58, R7500v2 before 1.0.3.48, R7800 before 1.0.2.68, R8900 before 1.0.5.2, R9000 before 1.0.5.2, RAX120 before 1.0.1.108, and XR700 before 1.0.1.20.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| NETGEAR D7800 | <1.0.1.58 | |
| NETGEAR D7800 Firmware | ||
| All of | ||
| NETGEAR R7500v2 firmware | <1.0.3.48 | |
| NETGEAR Nighthawk R7500 | ||
| All of | ||
| NETGEAR R7800 firmware | <1.0.2.68 | |
| NETGEAR R7800 firmware | ||
| All of | ||
| NETGEAR R8900 firmware | <1.0.5.2 | |
| NETGEAR R8900 | ||
| All of | ||
| NETGEAR R9000 firmware | <1.0.5.2 | |
| NETGEAR R9000 firmware | ||
| All of | ||
| NETGEAR RAX120 firmware | <=1.0.1.108 | |
| NETGEAR RAX120 firmware | ||
| All of | ||
| NETGEAR XR700 | <1.0.1.20 | |
| NETGEAR XR700 firmware | ||
| NETGEAR D7800 | <1.0.1.58 | |
| NETGEAR D7800 Firmware | ||
| NETGEAR R7500v2 firmware | <1.0.3.48 | |
| NETGEAR Nighthawk R7500 | ||
| NETGEAR R7800 firmware | <1.0.2.68 | |
| NETGEAR R7800 firmware | ||
| NETGEAR R8900 firmware | <1.0.5.2 | |
| NETGEAR R8900 | ||
| NETGEAR R9000 firmware | <1.0.5.2 | |
| NETGEAR R9000 firmware | ||
| NETGEAR RAX120 firmware | <=1.0.1.108 | |
| NETGEAR RAX120 firmware | ||
| NETGEAR XR700 | <1.0.1.20 | |
| NETGEAR XR700 firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-45552?
CVE-2021-45552 is a vulnerability that allows an authenticated user to perform command injection on certain NETGEAR devices.
Which devices are affected by CVE-2021-45552?
CVE-2021-45552 affects D7800 before 1.0.1.58, R7500v2 before 1.0.3.48, R7800 before 1.0.2.68, R8900 before 1.0.5.2, R9000 before 1.0.5.2, RAX120 before 1.0.1.108, and XR700 before 1.0.1.20.
What is the severity of CVE-2021-45552?
CVE-2021-45552 has a severity of 7.2 (High).
How can an authenticated user exploit CVE-2021-45552?
An authenticated user can exploit CVE-2021-45552 by injecting and executing arbitrary commands.
How can I fix CVE-2021-45552?
To fix CVE-2021-45552, ensure you are running the latest firmware version for your NETGEAR device.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/netgear
- canonical/netgear d7800
- canonical/netgear d7800 firmware
- canonical/netgear r7500v2 firmware
- canonical/netgear nighthawk r7500
- canonical/netgear r7800 firmware
- canonical/netgear r8900 firmware
- canonical/netgear r8900
- canonical/netgear r9000 firmware
- canonical/netgear rax120 firmware
- version/netgear rax120 firmware/1.0.1.108
- canonical/netgear xr700
- canonical/netgear xr700 firmware