CVE-2021-38529

HIGH

NETGEAR D7800/R7800/R8900/R9000 - Unauthenticated Command Injection

Title source: llm

Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://kb.netgear.com/000063765/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0616

Scores

CVSS v3 8.3

EPSS 0.0187

EPSS Percentile 83.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Details

CWE

CWE-77

Status published

Products (4)

netgear/d7800_firmware < 1.0.1.56

netgear/r7800_firmware < 1.0.2.68

netgear/r8900_firmware < 1.0.4.26

netgear/r9000_firmware < 1.0.4.26

Published Aug 11, 2021

Tracked Since Feb 18, 2026