CVE-2021-45538

HIGH

NETGEAR RAX75/RAX80/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 - Authenticated Command Injection

Title source: llm
STIX 2.1

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

References (1)

Core 1

Scores

CVSS v3 8.4
EPSS 0.0046
EPSS Percentile 64.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-77
Status published
Products (8)
netgear/rax75_firmware < 1.0.3.106
netgear/rax80_firmware < 1.0.3.106
netgear/rbk752_firmware < 3.2.16.6
netgear/rbk852_firmware < 3.2.16.6
netgear/rbr750_firmware < 3.2.16.6
netgear/rbr850_firmware < 3.2.16.6
netgear/rbs750_firmware < 3.2.16.6
netgear/rbs850_firmware < 3.2.16.6
Published Dec 26, 2021
Tracked Since Feb 18, 2026