CVE-2021-45567 in RBK752info

Summary

by MITRE • 12/26/2021

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 12/28/2021

The vulnerability CVE-2021-45567 represents a critical command injection flaw affecting multiple NETGEAR router models including RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850. This issue stems from insufficient input validation within the device management interfaces, allowing authenticated users to execute arbitrary commands on the underlying operating system. The vulnerability specifically impacts firmware versions prior to 3.2.16.6 across these affected models, creating a significant security risk for network administrators and end-users who rely on these devices for network infrastructure.

The technical implementation of this command injection vulnerability occurs through improper sanitization of user-supplied input within the web-based management interface of these routers. When authenticated users submit malicious input through specific parameters, the system fails to properly validate or escape the input before processing, enabling attackers to inject operating system commands. This flaw falls under the CWE-77 category of Command Injection, which is classified as a high-severity vulnerability in the Common Weakness Enumeration catalog. The vulnerability's exploitation requires only valid authentication credentials, making it particularly dangerous as it can be leveraged by insiders or compromised accounts.

The operational impact of this vulnerability extends beyond simple unauthorized command execution, as it provides attackers with full administrative control over the affected devices. An authenticated attacker can potentially gain root access to the router's operating system, allowing for complete network compromise through various attack vectors including network traffic interception, firewall bypass, DNS hijacking, and lateral movement within the network. The ATT&CK framework categorizes this vulnerability under T1059.001 - Command and Scripting Interpreter: PowerShell and T1059.003 - Command and Scripting Interpreter: Windows Command Shell, demonstrating the broad attack surface this vulnerability creates for threat actors.

Mitigation strategies for CVE-2021-45567 should prioritize immediate firmware updates to versions 3.2.16.6 or later, which contain the necessary patches to address the command injection vulnerability. Network administrators should also implement network segmentation to limit the potential impact of compromised devices, enforce strict access controls for router management interfaces, and monitor network traffic for suspicious command execution patterns. Additionally, organizations should conduct comprehensive vulnerability assessments to identify other potentially affected devices and establish robust network monitoring procedures to detect unauthorized access attempts. The vulnerability highlights the critical importance of maintaining up-to-date firmware and implementing defense-in-depth strategies to protect network infrastructure from authenticated command injection attacks.

Responsible

MITRE

Reservation

12/25/2021

Disclosure

12/26/2021

Moderation

accepted

CPE

ready

EPSS

0.00695

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!