CVE-2021-45615 — CRITICAL (9.6)

Q: How severe is CVE-2021-45615?

CVE-2021-45615 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-45615?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Cbr40 Firmware, Netgear Cbr40, Netgear Cbr750 Firmware, Netgear Cbr750, Netgear R7900P Firmware.

Vulnerability Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS Score

9.6

CRITICAL

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netgear	Cbr40 Firmware	< 2.5.0.24
Netgear	Cbr40	-
Netgear	Cbr750 Firmware	< 4.6.3.6
Netgear	Cbr750	-
Netgear	R7900P Firmware	< 1.4.2.84
Netgear	R7900P	-
Netgear	R7960P Firmware	< 1.4.2.84
Netgear	R7960P	-
Netgear	R8000P Firmware	< 1.4.2.84
Netgear	R8000P	-
Netgear	R8300 Firmware	< 1.0.2.154
Netgear	R8300	-
Netgear	R8500 Firmware	< 1.0.2.154
Netgear	R8500	-
Netgear	Rbk752 Firmware	< 3.2.17.12
Netgear	Rbk752	-
Netgear	Rbk852 Firmware	< 3.2.17.12
Netgear	Rbk852	-
Netgear	Rbr750 Firmware	< 3.2.17.12
Netgear	Rbr750	-

Related Weaknesses (CWE)

CWE-77

References

https://kb.netgear.com/000064514/Security-Advisory-for-Pre-Authentication-CommanVendor Advisory
https://kb.netgear.com/000064514/Security-Advisory-for-Pre-Authentication-CommanVendor Advisory

FAQ

What is CVE-2021-45615?

CVE-2021-45615 is a vulnerability with a CVSS score of 9.6 (CRITICAL). Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R80...

How severe is CVE-2021-45615?

CVE-2021-45615 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-45615?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Cbr40 Firmware, Netgear Cbr40, Netgear Cbr750 Firmware, Netgear Cbr750, Netgear R7900P Firmware.