1. Home
  2. CVE Database
  3. CVE-2021-45625
CRITICAL · 9.6

CVE-2021-45625

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects XR300 before 1.0.3.68, R7000P before 1.3.3.140, and R6900P before 1.3.3.140.

Vulnerability Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects XR300 before 1.0.3.68, R7000P before 1.3.3.140, and R6900P before 1.3.3.140.

CVSS Score

9.6

CRITICAL

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
NetgearXr300 Firmware< 1.0.3.68
NetgearXr300-
NetgearR7000P Firmware< 1.3.3.140
NetgearR7000P-
NetgearR6900P Firmware< 1.3.3.140
NetgearR6900P-

Related Weaknesses (CWE)

CWE-77

References

FAQ

What is CVE-2021-45625?

CVE-2021-45625 is a vulnerability with a CVSS score of 9.6 (CRITICAL). Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects XR300 before 1.0.3.68, R7000P before 1.3.3.140, and R6900P before 1.3.3.140.

How severe is CVE-2021-45625?

CVE-2021-45625 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-45625?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Xr300 Firmware, Netgear Xr300, Netgear R7000P Firmware, Netgear R7000P, Netgear R6900P Firmware.