CVE-2021-45536

HIGH

NETGEAR RAX75/RAX80/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 Firmware - Authenticated Command Injection

Title source: llm
STIX 2.1

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

References (1)

Core 1

Scores

CVSS v3 8.4
EPSS 0.0019
EPSS Percentile 40.3%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-77
Status published
Products (8)
netgear/rax75_firmware < 1.0.3.106
netgear/rax80_firmware < 1.0.3.106
netgear/rbk752_firmware < 3.2.16.6
netgear/rbk852_firmware < 3.2.16.6
netgear/rbr750_firmware < 3.2.16.6
netgear/rbr850_firmware < 3.2.16.6
netgear/rbs750_firmware < 3.2.16.6
netgear/rbs850_firmware < 3.2.16.6
Published Dec 26, 2021
Tracked Since Feb 18, 2026