CVE-2021-45535

HIGH

NETGEAR RAX200/RAX80/RAX75 <1.0.3.106 & RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 <3.2.16.6 Auth Command Injection

Title source: llm
STIX 2.1

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.3.106, RAX80 before 1.0.3.106, RAX75 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

References (1)

Core 1

Scores

CVSS v3 8.4
EPSS 0.0027
EPSS Percentile 51.0%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-77
Status published
Products (9)
netgear/rax200_firmware < 1.0.3.106
netgear/rax75_firmware < 1.0.3.106
netgear/rax80_firmware < 1.0.3.106
netgear/rbk752
netgear/rbk852_firmware < 3.2.16.6
netgear/rbr750_firmware < 3.2.16.6
netgear/rbr850_firmware < 3.2.16.6
netgear/rbs750_firmware < 3.2.16.6
netgear/rbs850_firmware < 3.2.16.6
Published Dec 26, 2021
Tracked Since Feb 18, 2026