CVE-2021-45565 in RBK752info

Summary

by MITRE • 12/26/2021

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 12/28/2021

The vulnerability identified as CVE-2021-45565 represents a critical command injection flaw affecting multiple NETGEAR router models within the RBK and RBR series. This security weakness stems from insufficient input validation mechanisms within the affected devices' web interface authentication system, allowing authenticated users to execute arbitrary commands on the underlying operating system. The vulnerability specifically impacts firmware versions prior to 3.2.16.6 across several router models including RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, creating a widespread risk for network infrastructure deployments utilizing these devices. The flaw operates by failing to properly sanitize user-supplied input parameters that are subsequently processed by the device's command execution engine, enabling malicious command injection attacks through crafted HTTP requests.

From a technical perspective, this vulnerability maps directly to CWE-77, which specifically addresses command injection flaws in software systems. The affected NETGEAR devices implement a web-based management interface that accepts user input through various parameters, including but not limited to network configuration settings, diagnostic commands, and system administration functions. When authenticated users submit malicious payloads through these parameters, the system fails to properly validate or escape the input before incorporating it into system commands. This allows attackers to inject additional commands that execute with the privileges of the web server process, typically running with elevated system permissions. The vulnerability is particularly concerning because it requires only authentication credentials to exploit, making it accessible to anyone with legitimate access to the device's management interface.

The operational impact of CVE-2021-45565 extends beyond simple unauthorized command execution, potentially enabling attackers to completely compromise the affected network infrastructure. An authenticated attacker could leverage this vulnerability to gain persistent access to the device, modify network configurations, redirect traffic, install malicious software, or even use the compromised device as a pivot point for attacking other systems within the network. The attack surface is further expanded by the fact that these routers often serve as primary network gateways, making them attractive targets for lateral movement within corporate networks. Additionally, the vulnerability's presence in multiple device models suggests a systemic design flaw rather than an isolated incident, indicating that organizations with deployed NETGEAR routers across their infrastructure may face widespread exposure.

Network security professionals should consider this vulnerability in relation to the ATT&CK framework, particularly under the T1059.001 technique for command and scripting interpreter, where adversaries use legitimate system tools to execute malicious commands. The vulnerability also aligns with T1566.001 for credential harvesting, as the attack requires valid authentication credentials to proceed. Organizations should implement immediate mitigation strategies including firmware updates to versions 3.2.16.6 or later, which contain proper input validation and sanitization measures. Network segmentation and access control measures should be strengthened to limit the blast radius of potential exploitation, while monitoring systems should be configured to detect unusual command execution patterns. Security teams should also consider implementing network traffic analysis to identify potential exploitation attempts, as the command injection may generate distinctive network signatures that can be used for detection purposes. The vulnerability underscores the importance of regular firmware updates and proper input validation in network device security, as these devices often serve as critical infrastructure components requiring robust security controls.

Responsible

MITRE

Reservation

12/25/2021

Disclosure

12/26/2021

Moderation

accepted

CPE

ready

EPSS

0.00631

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!