CVE-2021-45593: Command Injection
First published: Sun Dec 26 2021(Updated: )
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.2.102, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBR50 before 2.7.2.102, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.2.102.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NETGEAR RBR20 | <2.7.3.22 | |
| NETGEAR Orbi RBR20 | ||
| NETGEAR CBR40 firmware | <2.7.3.22 | |
| NETGEAR RBR40 firmware | ||
| NETGEAR RBR50 firmware | <2.7.2.102 | |
| NETGEAR RBR50 firmware | ||
| NETGEAR RBS20 | <2.7.3.22 | |
| NETGEAR Orbi RBS20 | ||
| NETGEAR RBS40 Firmware | <2.7.3.22 | |
| NETGEAR Orbi RBS40 | ||
| NETGEAR RBK20 Router Firmware | <2.7.3.22 | |
| NETGEAR Orbi RBK20 | ||
| NETGEAR RBK40 Satellite Firmware | <2.7.3.22 | |
| NETGEAR RBK40 Satellite Firmware | ||
| NETGEAR RBK50 firmware | <2.7.2.102 | |
| NETGEAR Orbi RBK50 | ||
| All of | ||
| NETGEAR RBR20 | <2.7.3.22 | |
| NETGEAR Orbi RBR20 | ||
| All of | ||
| NETGEAR CBR40 firmware | <2.7.3.22 | |
| NETGEAR RBR40 firmware | ||
| All of | ||
| NETGEAR RBR50 firmware | <2.7.2.102 | |
| NETGEAR RBR50 firmware | ||
| All of | ||
| NETGEAR RBS20 | <2.7.3.22 | |
| NETGEAR Orbi RBS20 | ||
| All of | ||
| NETGEAR RBS40 Firmware | <2.7.3.22 | |
| NETGEAR Orbi RBS40 | ||
| All of | ||
| NETGEAR RBK20 Router Firmware | <2.7.3.22 | |
| NETGEAR Orbi RBK20 | ||
| All of | ||
| NETGEAR RBK40 Satellite Firmware | <2.7.3.22 | |
| NETGEAR RBK40 Satellite Firmware | ||
| All of | ||
| NETGEAR RBK50 firmware | <2.7.2.102 | |
| NETGEAR Orbi RBK50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-45593?
CVE-2021-45593 is a vulnerability that allows an authenticated user to execute arbitrary commands on certain NETGEAR devices.
Which NETGEAR devices are affected by CVE-2021-45593?
CVE-2021-45593 affects the following NETGEAR devices: RBR20, RBR40, RBR50, RBS20, RBS40, RBK20, RBK40, and RBK50.
What is the severity of CVE-2021-45593?
CVE-2021-45593 has a severity rating of 6.8 (high).
How can I fix CVE-2021-45593?
To fix CVE-2021-45593, update the affected NETGEAR devices to the latest firmware versions: RBR20 2.7.3.22, RBR40 2.7.3.22, RBR50 2.7.2.102, RBS20 2.7.3.22, RBS40 2.7.3.22, RBK20 2.7.3.22, RBK40 2.7.3.22, and RBK50 2.7.2.102.
Where can I find more information about CVE-2021-45593?
You can find more information about CVE-2021-45593 in the NETGEAR Security Advisory: https://kb.netgear.com/000064474/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0175.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/author
- agent/last-modified-date
- agent/event
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/netgear
- canonical/netgear rbr20
- canonical/netgear orbi rbr20
- canonical/netgear cbr40 firmware
- canonical/netgear rbr40 firmware
- canonical/netgear rbr50 firmware
- canonical/netgear rbs20
- canonical/netgear orbi rbs20
- canonical/netgear rbs40 firmware
- canonical/netgear orbi rbs40
- canonical/netgear rbk20 router firmware
- canonical/netgear orbi rbk20
- canonical/netgear rbk40 satellite firmware
- canonical/netgear rbk50 firmware
- canonical/netgear orbi rbk50