CVE-2021-45548

MEDIUM

NETGEAR Multiple Devices - Authenticated Command Injection

Title source: llm
STIX 2.1

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.60, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.128, EX6400 before 1.0.2.144, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6420 before 1.0.0.128, EX7300 before 1.0.2.144, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.5.26, R9000 before 1.0.5.2, RAX120 before 1.0.1.128, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.80, WNR2000v5 before 1.0.0.74, XR500 before 2.3.2.66, RBK20 before 2.7.3.22, RBR20 before 2.7.3.22, RBS20 before 2.7.3.22, RBK40 before 2.7.3.22, RBR40 before 2.7.3.22, and RBS40 before 2.7.3.22.

References (1)

Core 1

Scores

CVSS v3 6.3
EPSS 0.0082
EPSS Percentile 74.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Details

CWE
CWE-77
Status published
Products (28)
netgear/d7800_firmware < 1.0.1.60
netgear/dm200_firmware < 1.0.0.66
netgear/ex2700_firmware < 1.0.1.56
netgear/ex6150v2_firmware < 1.0.1.86
netgear/ex6200v2_firmware < 1.0.1.86
netgear/ex6250_firmware < 1.0.0.128
netgear/ex6400_firmware < 1.0.2.144
netgear/ex6400v2_firmware < 1.0.0.128
netgear/ex6410_firmware < 1.0.0.128
netgear/ex6420_firmware < 1.0.0.128
... and 18 more
Published Dec 26, 2021
Tracked Since Feb 18, 2026