1. Home
  2. CVE Database
  3. CVE-2021-45613
CRITICAL · 9.6

CVE-2021-45613

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK6...

Vulnerability Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, MR80 before 1.1.2.20, MS80 before 1.1.2.20, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58.

CVSS Score

9.6

CRITICAL

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
NetgearCbr40 Firmware< 2.5.0.24
NetgearCbr40-
NetgearCbr750 Firmware< 4.6.3.6
NetgearCbr750-
NetgearD7000V2 Firmware< 1.0.0.74
NetgearD7000V2-
NetgearLax20 Firmware< 1.1.6.28
NetgearLax20-
NetgearMk62 Firmware< 1.0.6.116
NetgearMk62-
NetgearMr60 Firmware< 1.0.6.116
NetgearMr60-
NetgearMs60 Firmware< 1.0.6.116
NetgearMs60-
NetgearRax15 Firmware< 1.0.3.96
NetgearRax15-
NetgearRax20 Firmware< 1.0.3.96
NetgearRax20-
NetgearRax200 Firmware< 1.0.4.120
NetgearRax200-

Related Weaknesses (CWE)

CWE-77

References

FAQ

What is CVE-2021-45613?

CVE-2021-45613 is a vulnerability with a CVSS score of 9.6 (CRITICAL). Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK6...

How severe is CVE-2021-45613?

CVE-2021-45613 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-45613?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Cbr40 Firmware, Netgear Cbr40, Netgear Cbr750 Firmware, Netgear Cbr750, Netgear D7000V2 Firmware.