1. Home
  2. CVE Database
  3. CVE-2021-38528
CRITICAL · 9.6

CVE-2021-38528

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6900P before 1.3.2.132, R7000P before 1.3.2.132, R7100LG before 1.0.0.64,...

Vulnerability Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6900P before 1.3.2.132, R7000P before 1.3.2.132, R7100LG before 1.0.0.64, WNDR3400v3 before 1.0.1.38, and XR300 before 1.0.3.56.

CVSS Score

9.6

CRITICAL

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
NetgearD8500 Firmware< 1.0.3.58
NetgearD8500-
NetgearR6900P Firmware< 1.3.2.132
NetgearR6900P-
NetgearR7000P Firmware< 1.3.2.132
NetgearR7000P-
NetgearR7100Lg Firmware< 1.0.0.64
NetgearR7100Lg-
NetgearWndr3400 Firmware< 1.0.1.38
NetgearWndr3400v3
NetgearXr300 Firmware< 1.0.3.56
NetgearXr300-

Related Weaknesses (CWE)

CWE-77

References

FAQ

What is CVE-2021-38528?

CVE-2021-38528 is a vulnerability with a CVSS score of 9.6 (CRITICAL). Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6900P before 1.3.2.132, R7000P before 1.3.2.132, R7100LG before 1.0.0.64,...

How severe is CVE-2021-38528?

CVE-2021-38528 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-38528?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear D8500 Firmware, Netgear D8500, Netgear R6900P Firmware, Netgear R6900P, Netgear R7000P Firmware.