CVE-2021-45557

Published: Dic 26, 2021 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2021-32323 Aliases: GSD-2021-45557
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: adjacent_network
Attack Complexity: high
Privileges Required: high
User Interaction: none
Scope: changed
Confidentiality: low
Integrity: high
Availability: high
MEDIUM 6,5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: single
Confidentiality: partial
Integrity: partial
Availability: partial

Description

AI Translation Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TUP before 1.0.5.3, GS710TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS724TPP before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS750E before 1.0.1.10, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0101
Percentile
0,8th
Updated

EPSS Score Trend (Last 90 Days)

77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: AI/ML
Likelihood of Exploit: High
View CWE Details
Operating System

Gs752Tpp Firmware by Netgear

Product Information
Vendor Netgear
Product Gs752Tpp Firmware
Version Range Affected
To 6.0.8.2 (exclusive)
cpe:2.3:o:netgear:gs752tpp_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Gs728Tppv2 Firmware by Netgear

Product Information
Vendor Netgear
Product Gs728Tppv2 Firmware
Version Range Affected
To 6.0.8.2 (exclusive)
cpe:2.3:o:netgear:gs728tppv2_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Gc108P Firmware by Netgear

Product Information
Vendor Netgear
Product Gc108P Firmware
Version Range Affected
To 1.0.8.2 (exclusive)
cpe:2.3:o:netgear:gc108p_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Gs710Tup Firmware by Netgear

Product Information
Vendor Netgear
Product Gs710Tup Firmware
Version Range Affected
To 1.0.5.3 (exclusive)
cpe:2.3:o:netgear:gs710tup_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Gs724Tpv2 Firmware by Netgear

Product Information
Vendor Netgear
Product Gs724Tpv2 Firmware
Version Range Affected
To 2.0.6.3 (exclusive)
cpe:2.3:o:netgear:gs724tpv2_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Gs728Tpv2 Firmware by Netgear

Product Information
Vendor Netgear
Product Gs728Tpv2 Firmware
Version Range Affected
To 6.0.8.2 (exclusive)
cpe:2.3:o:netgear:gs728tpv2_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Gs724Tpp Firmware by Netgear

Product Information
Vendor Netgear
Product Gs724Tpp Firmware
Version Range Affected
To 2.0.6.3 (exclusive)
cpe:2.3:o:netgear:gs724tpp_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Gs716Tpp Firmware by Netgear

Product Information
Vendor Netgear
Product Gs716Tpp Firmware
Version Range Affected
To 1.0.4.2 (exclusive)
cpe:2.3:o:netgear:gs716tpp_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Gc108Pp Firmware by Netgear

Product Information
Vendor Netgear
Product Gc108Pp Firmware
Version Range Affected
To 1.0.8.2 (exclusive)
cpe:2.3:o:netgear:gc108pp_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Gs310Tp Firmware by Netgear

Product Information
Vendor Netgear
Product Gs310Tp Firmware
Version Range Affected
To 1.0.3.2 (exclusive)
cpe:2.3:o:netgear:gs310tp_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Gs110Tpv3 Firmware by Netgear

Product Information
Vendor Netgear
Product Gs110Tpv3 Firmware
Version Range Affected
To 7.0.7.2 (exclusive)
cpe:2.3:o:netgear:gs110tpv3_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ms510Txm Firmware by Netgear

Product Information
Vendor Netgear
Product Ms510Txm Firmware
Version Range Affected
To 1.0.4.2 (exclusive)
cpe:2.3:o:netgear:ms510txm_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Gs108Tv3 Firmware by Netgear

Product Information
Vendor Netgear
Product Gs108Tv3 Firmware
Version Range Affected
To 7.0.7.2 (exclusive)
cpe:2.3:o:netgear:gs108tv3_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Gs110Tpp Firmware by Netgear

Product Information
Vendor Netgear
Product Gs110Tpp Firmware
Version Range Affected
To 7.0.7.2 (exclusive)
cpe:2.3:o:netgear:gs110tpp_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Gs752Tpv2 Firmware by Netgear

Product Information
Vendor Netgear
Product Gs752Tpv2 Firmware
Version Range Affected
To 6.0.8.2 (exclusive)
cpe:2.3:o:netgear:gs752tpv2_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Gs110Tup Firmware by Netgear

Product Information
Vendor Netgear
Product Gs110Tup Firmware
Version Range Affected
To 1.0.5.3 (exclusive)
cpe:2.3:o:netgear:gs110tup_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ms510Txup Firmware by Netgear

Product Information
Vendor Netgear
Product Ms510Txup Firmware
Version Range Affected
To 1.0.4.2 (exclusive)
cpe:2.3:o:netgear:ms510txup_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Gs716Tp Firmware by Netgear

Product Information
Vendor Netgear
Product Gs716Tp Firmware
Version Range Affected
To 1.0.4.2 (exclusive)
cpe:2.3:o:netgear:gs716tp_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Gs750E Firmware by Netgear

Product Information
Vendor Netgear
Product Gs750E Firmware
Version Range Affected
To 1.0.1.10 (exclusive)
cpe:2.3:o:netgear:gs750e_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Gs308T Firmware by Netgear

Product Information
Vendor Netgear
Product Gs308T Firmware
Version Range Affected
To 1.0.3.2 (exclusive)
cpe:2.3:o:netgear:gs308t_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://kb.netgear.com/000064164/Security-Advisory-for-Post…
Patch Vendor Advisory
https://kb.netgear.com/000064164/Security-Advisory-for-Post-Authentication-Comm…
https://kb.netgear.com/000064164/Security-Advisory-for-Post…
Patch Vendor Advisory
https://kb.netgear.com/000064164/Security-Advisory-for-Post-Authentication-Comm…