CVE-2021-45556

HIGH

NETGEAR Smart Managed Pro Switches - Authenticated Command Injection

Title source: llm

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GS108Tv2 before 5.4.2.36, GS110TPP before 7.0.7.2, GS110TPv2 before 5.4.2.36., GS110TPv3 before 7.0.7.2, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://kb.netgear.com/000064534/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Smart-Managed-Pro-Switches-PSV-2021-0175

Scores

CVSS v3 7.5

EPSS 0.0079

EPSS Percentile 74.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:H

Details

CWE

CWE-77

Status published

Products (14)

netgear/gs108tv2_firmware < 5.4.2.36

netgear/gs110tpp_firmware < 7.0.7.2

netgear/gs110tpv2_firmware < 5.4.2.36

netgear/gs110tpv3_firmware < 7.0.7.2

netgear/gs308t_firmware < 1.0.3.2

netgear/gs310tp_firmware < 1.0.3.2

netgear/gs724tpp_firmware < 2.0.6.3

netgear/gs724tpv2_firmware < 2.0.6.3

netgear/gs728tppv2_firmware < 6.0.8.2

netgear/gs728tpv2_firmware < 6.0.8.2

... and 4 more

Published Dec 26, 2021

Tracked Since Feb 18, 2026