CVE-2021-45658 — HIGH (7.1)

Q: How severe is CVE-2021-45658?

CVE-2021-45658 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-45658?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear D7800 Firmware, Netgear D7800, Netgear Dm200 Firmware, Netgear Dm200, Netgear Ex2700 Firmware.

Vulnerability Description

Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6100v2 before 1.0.1.86, EX6200v2 before 1.0.1.78, EX6250 before 1.0.0.110, EX6410 before 1.0.0.110, EX6420 before 1.0.0.110, EX6400v2 before 1.0.0.110, EX7300 before 1.0.2.144, EX6400 before 1.0.2.144, EX7320 before 1.0.0.110, EX7300v2 before 1.0.0.110, R7500v2 before 1.0.3.48, R7800 before 1.0.2.68, R8900 before 1.0.5.2, R9000 before 1.0.5.2, RAX120 before 1.0.1.90, RBK40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, RBS50Y before 2.6.1.40, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.80, WNR2000v5 before 1.0.0.72, XR500 before 2.3.2.56, and XR700 before 1.0.1.20.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Netgear	D7800 Firmware	< 1.0.1.58
Netgear	D7800	-
Netgear	Dm200 Firmware	< 1.0.0.66
Netgear	Dm200	-
Netgear	Ex2700 Firmware	< 1.0.1.56
Netgear	Ex2700	-
Netgear	Ex6150V2 Firmware	< 1.0.1.86
Netgear	Ex6150V2	-
Netgear	Ex6100V2 Firmware	< 1.0.1.86
Netgear	Ex6100V2	-
Netgear	Ex6200V2 Firmware	< 1.0.1.78
Netgear	Ex6200V2	-
Netgear	Ex6250 Firmware	< 1.0.0.110
Netgear	Ex6250	-
Netgear	Ex6410 Firmware	< 1.0.0.110
Netgear	Ex6410	-
Netgear	Ex6420 Firmware	< 1.0.0.110
Netgear	Ex6420	-
Netgear	Ex6400V2 Firmware	< 1.0.0.110
Netgear	Ex6400V2	-

Related Weaknesses (CWE)

CWE-74

References

https://kb.netgear.com/000064062/Security-Advisory-for-Server-Side-Injection-on-PatchVendor Advisory
https://kb.netgear.com/000064062/Security-Advisory-for-Server-Side-Injection-on-PatchVendor Advisory

FAQ

What is CVE-2021-45658?

CVE-2021-45658 is a vulnerability with a CVSS score of 7.1 (HIGH). Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6100v2 before 1.0.1.86, EX...

How severe is CVE-2021-45658?

CVE-2021-45658 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-45658?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear D7800 Firmware, Netgear D7800, Netgear Dm200 Firmware, Netgear Dm200, Netgear Ex2700 Firmware.