CVE-2021-38520
MEDIUMNETGEAR R6400/R6700/R6900/R7000P Firmware - Authenticated Command Injection
Title source: llmDescription
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400 before 1.0.1.52, R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, and R7000P before 1.3.2.124.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://kb.netgear.com/000063763/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2018-0565
Scores
CVSS v3
6.6
EPSS
0.0030
EPSS Percentile
53.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (4)
netgear/r6400_firmware
< 1.0.1.52
netgear/r6700_firmware
< 1.2.0.62
netgear/r6900_firmware
< 1.2.0.62
netgear/r7000p_firmware
< 1.3.2.124
Published
Aug 11, 2021
Tracked Since
Feb 18, 2026