CVE-2021-45625

CRITICAL

NETGEAR XR300/R7000P/R6900P Firmware - Unauthenticated Command Injection

Title source: llm

Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects XR300 before 1.0.3.68, R7000P before 1.3.3.140, and R6900P before 1.3.3.140.

Scores

CVSS v3 9.6
EPSS 0.0119
EPSS Percentile 79.1%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE CWE-77
Status published
Products (3)
netgear/r6900p_firmware < 1.3.3.140
netgear/r7000p_firmware < 1.3.3.140
netgear/xr300_firmware < 1.0.3.68
Published Dec 26, 2021
Tracked Since Feb 18, 2026