CVE-2021-45556 — HIGH (7.5)

Q: How severe is CVE-2021-45556?

CVE-2021-45556 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-45556?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Gs108Tv2 Firmware, Netgear Gs108Tv2, Netgear Gs110Tpp Firmware, Netgear Gs110Tpp, Netgear Gs110Tpv2 Firmware.

Vulnerability Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GS108Tv2 before 5.4.2.36, GS110TPP before 7.0.7.2, GS110TPv2 before 5.4.2.36., GS110TPv3 before 7.0.7.2, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netgear	Gs108Tv2 Firmware	< 5.4.2.36
Netgear	Gs108Tv2	-
Netgear	Gs110Tpp Firmware	< 7.0.7.2
Netgear	Gs110Tpp	-
Netgear	Gs110Tpv2 Firmware	< 5.4.2.36
Netgear	Gs110Tpv2	-
Netgear	Gs308T Firmware	< 1.0.3.2
Netgear	Gs308T	-
Netgear	Gs110Tpv3 Firmware	< 7.0.7.2
Netgear	Gs110Tpv3	-
Netgear	Gs310Tp Firmware	< 1.0.3.2
Netgear	Gs310Tp	-
Netgear	Gs724Tpp Firmware	< 2.0.6.3
Netgear	Gs724Tpp	-
Netgear	Gs724Tpv2 Firmware	< 2.0.6.3
Netgear	Gs724Tpv2	-
Netgear	Gs728Tppv2 Firmware	< 6.0.8.2
Netgear	Gs728Tppv2	-
Netgear	Gs728Tpv2 Firmware	< 6.0.8.2
Netgear	Gs728Tpv2	-

Related Weaknesses (CWE)

CWE-77

References

https://kb.netgear.com/000064534/Security-Advisory-for-Post-Authentication-CommaPatchVendor Advisory
https://kb.netgear.com/000064534/Security-Advisory-for-Post-Authentication-CommaPatchVendor Advisory

FAQ

What is CVE-2021-45556?

CVE-2021-45556 is a vulnerability with a CVSS score of 7.5 (HIGH). Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GS108Tv2 before 5.4.2.36, GS110TPP before 7.0.7.2, GS110TPv2 before 5.4.2.36., GS110TPv3 before 7.0.7.2...

How severe is CVE-2021-45556?

CVE-2021-45556 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-45556?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Gs108Tv2 Firmware, Netgear Gs108Tv2, Netgear Gs110Tpp Firmware, Netgear Gs110Tpp, Netgear Gs110Tpv2 Firmware.