Skip to main content

Ac2100 Firmware CVE-2021-45534

HIGH
Command Injection (CWE-77)
2021-12-26 cve@mitre.org
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 26, 2021 - 01:15 nvd
HIGH 7.8

DescriptionNVD

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, D7000 before 1.0.1.82, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88.

AnalysisAI

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. Certain NETGEAR devices are affected by command injection by an authenticated user. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, D7000 before 1.0.1.82, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88. Affected products include: Netgear Ac2100 Firmware, Netgear Ac2400 Firmware, Netgear Ac2600 Firmware, Netgear D7000 Firmware, Netgear R6220 Firmware. Version information: before 1.2.0.88.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

CVE-2021-45511 CRITICAL POC
9.8 Dec 26

Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2021-45644 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.8)

CVE-2021-45637 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. Rated critical sev

CVE-2021-38516 CRITICAL
9.8 Aug 11

Certain NETGEAR devices are affected by lack of access control at the function level. Rated critical severity (CVSS 9.8)

CVE-2020-35795 CRITICAL
9.8 Dec 30

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2020-26927 CRITICAL
9.8 Oct 09

Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2020-35800 CRITICAL
9.4 Dec 30

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.4)

CVE-2021-45573 HIGH
8.8 Dec 26

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. Rated high severit

CVE-2021-45551 HIGH
8.8 Dec 26

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 8.8), this

CVE-2021-29068 HIGH
8.8 Mar 23

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. Rated high severity (CVSS 8.8), this

CVE-2021-45657 HIGH
7.8 Dec 26

Certain NETGEAR devices are affected by server-side injection. Rated high severity (CVSS 7.8), this vulnerability is low

CVE-2021-45656 HIGH
7.8 Dec 26

Certain NETGEAR devices are affected by server-side injection. Rated high severity (CVSS 7.8), this vulnerability is low

Share

CVE-2021-45534 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy