CVE-2021-45553

HIGH

NETGEAR R7000/R6900P/R7000P Firmware < 1.0.11.126/1.3.2.126 - Authenticated Command Injection

Title source: llm

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7000 before 1.0.11.126, R6900P before 1.3.2.126, and R7000P before 1.3.2.126.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://kb.netgear.com/000064074/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0225

Scores

CVSS v3 8.7

EPSS 0.0116

EPSS Percentile 78.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Details

CWE

CWE-77

Status published

Products (3)

netgear/r6900p_firmware < 1.3.2.126

netgear/r7000_firmware < 1.0.11.126

netgear/r7000p_firmware < 1.3.2.126

Published Dec 26, 2021

Tracked Since Feb 18, 2026