CVE-2021-45557

HIGH

NETGEAR Switches - Authenticated OS Command Injection

Title source: llm

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TUP before 1.0.5.3, GS710TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS724TPP before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS750E before 1.0.1.10, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://kb.netgear.com/000064164/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Switches-PSV-2021-0167

Scores

CVSS v3 7.5

EPSS 0.0051

EPSS Percentile 66.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:H

Details

CWE

CWE-77

Status published

Products (20)

netgear/gc108p_firmware < 1.0.8.2

netgear/gc108pp_firmware < 1.0.8.2

netgear/gs108tv3_firmware < 7.0.7.2

netgear/gs110tpp_firmware < 7.0.7.2

netgear/gs110tpv3_firmware < 7.0.7.2

netgear/gs110tup_firmware < 1.0.5.3

netgear/gs308t_firmware < 1.0.3.2

netgear/gs310tp_firmware < 1.0.3.2

netgear/gs710tup_firmware < 1.0.5.3

netgear/gs716tp_firmware < 1.0.4.2

... and 10 more

Published Dec 26, 2021

Tracked Since Feb 18, 2026