CVE-2021-45595 — HIGH (7.6)

Q: How severe is CVE-2021-45595?

CVE-2021-45595 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-45595?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Lbr20 Firmware, Netgear Lbr20, Netgear Rbs50Y Firmware, Netgear Rbs50Y, Netgear Rbr10 Firmware.

Vulnerability Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.

CVSS Score

7.6

HIGH

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netgear	Lbr20 Firmware	< 2.6.3.50
Netgear	Lbr20	-
Netgear	Rbs50Y Firmware	< 2.7.3.22
Netgear	Rbs50Y	-
Netgear	Rbr10 Firmware	< 2.7.3.22
Netgear	Rbr10	-
Netgear	Rbr20 Firmware	< 2.7.3.22
Netgear	Rbr20	-
Netgear	Rbr40 Firmware	< 2.7.3.22
Netgear	Rbr40	-
Netgear	Rbr50 Firmware	< 2.7.3.22
Netgear	Rbr50	-
Netgear	Rbs10 Firmware	< 2.7.3.22
Netgear	Rbs10	-
Netgear	Rbs20 Firmware	< 2.7.3.22
Netgear	Rbs20	-
Netgear	Rbs40 Firmware	< 2.7.3.22
Netgear	Rbs40	-
Netgear	Rbs50 Firmware	< 2.7.3.22
Netgear	Rbs50	-

Related Weaknesses (CWE)

CWE-77

References

https://kb.netgear.com/000064495/Security-Advisory-for-Post-Authentication-CommaVendor Advisory
https://kb.netgear.com/000064495/Security-Advisory-for-Post-Authentication-CommaVendor Advisory

FAQ

What is CVE-2021-45595?

CVE-2021-45595 is a vulnerability with a CVSS score of 7.6 (HIGH). Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 befo...

How severe is CVE-2021-45595?

CVE-2021-45595 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-45595?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Lbr20 Firmware, Netgear Lbr20, Netgear Rbs50Y Firmware, Netgear Rbs50Y, Netgear Rbr10 Firmware.