CVE-2021-29069
HIGHNETGEAR XR450 XR500 WNR2000v5 - Authenticated Command Injection
Title source: llmDescription
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://kb.netgear.com/000063023/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2020-0595
Scores
CVSS v3
7.3
EPSS
0.0008
EPSS Percentile
23.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (3)
netgear/wnr2000v5_firmware
< 1.0.0.76
netgear/xr450_firmware
< 2.3.2.114
netgear/xr500_firmware
< 2.3.2.114
Published
Mar 23, 2021
Tracked Since
Feb 18, 2026