{ "id": "CVE-2021-38528", "sourceIdentifier": "cve@mitre.org", "published": "2021-08-11T00:16:23.717", "lastModified": "2024-11-21T06:17:20.823", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6900P before 1.3.2.132, R7000P before 1.3.2.132, R7100LG before 1.0.0.64, WNDR3400v3 before 1.0.1.38, and XR300 before 1.0.3.56." }, { "lang": "es", "value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una inyecci\u00f3n de comandos por un atacante no autenticado. Esto afecta a D8500 versiones anteriores a 1.0.3.58, R6900P versiones anteriores a 1.3.2.132, R7000P versiones anteriores a 1.3.2.132, R7100LG versiones anteriores a 1.0.0.64, WNDR3400v3 versiones anteriores a 1.0.1.38 y XR300 versiones anteriores a 1.0.3.56" } ], "metrics": { "cvssMetricV31": [ { "source": "cve@mitre.org", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.6, "baseSeverity": "CRITICAL", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 6.0 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "baseScore": 10.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE" }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-77" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.3.58", "matchCriteriaId": "0E1D0A84-92A5-4E07-B2BB-ED4431E64457" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*", "matchCriteriaId": "814A0114-9A1D-4EA0-9AF4-6968514E4F01" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.3.2.132", "matchCriteriaId": "839A9EBE-5F14-4695-8040-7D5607F8E248" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", "matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.3.2.132", "matchCriteriaId": "EAF3EA40-79FB-4D2C-A8AF-A04820745C4D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.0.64", "matchCriteriaId": "1AC36017-5BCF-4CF6-91D0-278279943847" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*", "matchCriteriaId": "366FA778-3C2A-42AF-9141-DAD7043B406C" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:wndr3400_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.1.38", "matchCriteriaId": "065AE552-7268-45C5-92CA-B56602C9313D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:wndr3400:v3:*:*:*:*:*:*:*", "matchCriteriaId": "1992E44C-122C-41BC-8FDC-5F9EBEE1FB7C" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.3.56", "matchCriteriaId": "4AF96D62-1D28-4FE5-AFC3-FB93A1BB4D45" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*", "matchCriteriaId": "5590CF28-B88A-4755-904B-1BC1778FBEDD" } ] } ] } ], "references": [ { "url": "https://kb.netgear.com/000063781/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Gateways-and-Routers-PSV-2020-0297", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://kb.netgear.com/000063781/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Gateways-and-Routers-PSV-2020-0297", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] } ] }