CVE-2021-38521
MEDIUMNETGEAR R6400/R7900P/R8000P/RAX75/RAX80 Firmware - Authenticated Command Injection
Title source: llmDescription
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400 before 1.0.1.50, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX75 before 1.0.1.62, and RAX80 before 1.0.1.62.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://kb.netgear.com/000063764/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2018-0566
Scores
CVSS v3
6.1
EPSS
0.0038
EPSS Percentile
59.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
Details
CWE
CWE-77
Status
published
Products (5)
netgear/r6400_firmware
< 1.0.1.50
netgear/r7900p_firmware
< 1.4.1.50
netgear/r8000p_firmware
< 1.4.1.50
netgear/rax75_firmware
< 1.0.1.62
netgear/rax80_firmware
< 1.0.1.62
Published
Aug 11, 2021
Tracked Since
Feb 18, 2026