CVE-2021-45625: Command Injection
First published: Sun Dec 26 2021(Updated: )
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects XR300 before 1.0.3.68, R7000P before 1.3.3.140, and R6900P before 1.3.3.140.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgear Xr300 Firmware | <1.0.3.68 | |
| Netgear XR300 | ||
| Netgear R7000p Firmware | <1.3.3.140 | |
| Netgear R7000P | ||
| Netgear R6900p Firmware | <1.3.3.140 | |
| Netgear R6900P |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-45625?
CVE-2021-45625 is a command injection vulnerability that affects certain NETGEAR devices.
Which NETGEAR devices are affected by CVE-2021-45625?
The NETGEAR devices affected by CVE-2021-45625 include XR300 before 1.0.3.68, R7000P before 1.3.3.140, and R6900P before 1.3.3.140.
What is the severity level of CVE-2021-45625?
CVE-2021-45625 has a severity level of 9.8 (Critical).
How can an unauthenticated attacker exploit CVE-2021-45625?
An unauthenticated attacker can exploit CVE-2021-45625 through command injection.
Is there a fix available for CVE-2021-45625?
Yes, a fix is available for CVE-2021-45625. Please refer to the NETGEAR Security Advisory for instructions.
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/references
- agent/weakness
- agent/tags
- agent/type
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/event
- vendor/netgear
- canonical/netgear xr300 firmware
- canonical/netgear xr300
- canonical/netgear r7000p firmware
- canonical/netgear r7000p
- canonical/netgear r6900p firmware
- canonical/netgear r6900p