CVE-2021-45626: Command Injection
First published: Sun Dec 26 2021(Updated: )
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK20 before 2.6.1.36, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, and RBS50Y before 2.6.1.40.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NETGEAR RBK20 Router Firmware | <2.6.1.38 | |
| NETGEAR Orbi RBK20 | ||
| NETGEAR RBR20 | <2.6.1.36 | |
| NETGEAR RBR20 | ||
| NETGEAR RBS20 | <2.6.1.38 | |
| NETGEAR RBS20 firmware | ||
| NETGEAR RBK40 Satellite Firmware | <2.6.1.38 | |
| NETGEAR RBK40 firmware | ||
| NETGEAR CBR40 firmware | <2.6.1.36 | |
| NETGEAR RBR40 firmware | ||
| NETGEAR RBS40 Firmware | <2.6.1.38 | |
| NETGEAR RBS40 firmware | ||
| NETGEAR RBK50 firmware | <2.6.1.40 | |
| NETGEAR Orbi RBK50 | ||
| NETGEAR RBR50 firmware | <2.6.1.40 | |
| NETGEAR RBR50 firmware | ||
| NETGEAR RBS50 Firmware | <2.6.1.40 | |
| NETGEAR RBS50 | ||
| NETGEAR RBS50Y firmware | <2.6.1.40 | |
| NETGEAR RBS50Y firmware | ||
| All of | ||
| NETGEAR RBK20 Router Firmware | <2.6.1.38 | |
| NETGEAR Orbi RBK20 | ||
| All of | ||
| NETGEAR RBR20 | <2.6.1.36 | |
| NETGEAR RBR20 | ||
| All of | ||
| NETGEAR RBS20 | <2.6.1.38 | |
| NETGEAR RBS20 firmware | ||
| All of | ||
| NETGEAR RBK40 Satellite Firmware | <2.6.1.38 | |
| NETGEAR RBK40 firmware | ||
| All of | ||
| NETGEAR CBR40 firmware | <2.6.1.36 | |
| NETGEAR RBR40 firmware | ||
| All of | ||
| NETGEAR RBS40 Firmware | <2.6.1.38 | |
| NETGEAR RBS40 firmware | ||
| All of | ||
| NETGEAR RBK50 firmware | <2.6.1.40 | |
| NETGEAR Orbi RBK50 | ||
| All of | ||
| NETGEAR RBR50 firmware | <2.6.1.40 | |
| NETGEAR RBR50 firmware | ||
| All of | ||
| NETGEAR RBS50 Firmware | <2.6.1.40 | |
| NETGEAR RBS50 | ||
| All of | ||
| NETGEAR RBS50Y firmware | <2.6.1.40 | |
| NETGEAR RBS50Y firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-45626?
CVE-2021-45626 is a vulnerability that affects certain NETGEAR devices, allowing an unauthenticated attacker to perform command injection.
Which devices are affected by CVE-2021-45626?
RBK20 before 2.6.1.36, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, and RBS50Y before 2.6.1.40 are affected.
What is the severity of CVE-2021-45626?
CVE-2021-45626 has a severity rating of 8.8 (critical).
How can an attacker exploit CVE-2021-45626?
An unauthenticated attacker can exploit CVE-2021-45626 by performing command injection attacks.
Is there a fix available for CVE-2021-45626?
Yes, a fix is available for CVE-2021-45626. It is recommended to update the affected devices to the latest firmware versions.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/references
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/event
- agent/source
- agent/weakness
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/softwarecombine
- vendor/netgear
- canonical/netgear rbk20 router firmware
- canonical/netgear orbi rbk20
- canonical/netgear rbr20
- canonical/netgear rbs20
- canonical/netgear rbs20 firmware
- canonical/netgear rbk40 satellite firmware
- canonical/netgear rbk40 firmware
- canonical/netgear cbr40 firmware
- canonical/netgear rbr40 firmware
- canonical/netgear rbs40 firmware
- canonical/netgear rbk50 firmware
- canonical/netgear orbi rbk50
- canonical/netgear rbr50 firmware
- canonical/netgear rbs50 firmware
- canonical/netgear rbs50
- canonical/netgear rbs50y firmware