1. Home
  2. CVE Database
  3. CVE-2021-29069
HIGH · 7.3

CVE-2021-29069

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76.

Vulnerability Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76.

CVSS Score

7.3

HIGH

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
NetgearXr450 Firmware< 2.3.2.114
NetgearXr450-
NetgearXr500 Firmware< 2.3.2.114
NetgearXr500-
NetgearWnr2000V5 Firmware< 1.0.0.76
NetgearWnr2000V5-

Related Weaknesses (CWE)

CWE-77

References

FAQ

What is CVE-2021-29069?

CVE-2021-29069 is a vulnerability with a CVSS score of 7.3 (HIGH). Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76.

How severe is CVE-2021-29069?

CVE-2021-29069 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-29069?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Xr450 Firmware, Netgear Xr450, Netgear Xr500 Firmware, Netgear Xr500, Netgear Wnr2000V5 Firmware.