CVE-2021-45623

HIGH

NETGEAR R7800/R9000/XR500 Firmware - Unauthenticated Command Injection

Title source: llm

Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R7800 before 1.0.2.74, R9000 before 1.0.5.2, and XR500 before 2.3.2.66.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://kb.netgear.com/000064449/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0203

Scores

CVSS v3 8.3

EPSS 0.0161

EPSS Percentile 82.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Details

CWE

CWE-77

Status published

Products (3)

netgear/r7800_firmware < 1.0.2.74

netgear/r9000_firmware < 1.0.5.2

netgear/xr500_firmware < 2.3.2.66

Published Dec 26, 2021

Tracked Since Feb 18, 2026