CVE-2021-45574 in RBK752
Summary
by MITRE • 12/26/2021
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 12/28/2021
The vulnerability CVE-2021-45574 represents a critical command injection flaw affecting multiple NETGEAR router models including RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850. This issue stems from insufficient input validation within the web administration interface of these devices, allowing authenticated users to execute arbitrary commands on the underlying operating system. The vulnerability specifically impacts firmware versions prior to 3.2.16.6, indicating that devices running older software versions remain exposed to this security risk. The command injection occurs when user-supplied input is directly incorporated into system commands without proper sanitization or escaping mechanisms, creating a pathway for malicious command execution.
From a technical perspective, this vulnerability falls under CWE-77 which describes improper neutralization of special elements used in commands. The flaw enables an authenticated attacker with access to the device's web interface to inject malicious commands that are subsequently executed with the privileges of the web server process. This typically operates with elevated privileges on the device, potentially allowing full system compromise. The vulnerability is particularly concerning because it requires only authentication, meaning that anyone with valid login credentials can exploit this weakness. Attackers could leverage this to gain persistent access, modify device configurations, redirect traffic, or establish backdoors for continued unauthorized access.
The operational impact of CVE-2021-45574 extends beyond simple command execution as it fundamentally compromises the integrity and confidentiality of the affected network infrastructure. When exploited, this vulnerability allows attackers to manipulate network routing, modify firewall rules, access sensitive configuration data, and potentially use the compromised device as a pivot point for attacking other systems within the local network. The affected devices are typically deployed in residential and small office environments where they serve as primary network gateways, making them attractive targets for attackers seeking persistent access to larger networks. Additionally, the vulnerability affects multiple device models from the same product line, suggesting a systemic issue in the firmware development process rather than isolated incidents.
Organizations and users should immediately update all affected NETGEAR devices to firmware version 3.2.16.6 or later to remediate this vulnerability. The update process should be conducted through official NETGEAR channels to ensure authenticity and prevent potential supply chain attacks. Network segmentation and monitoring should be implemented to detect unusual command execution patterns or unauthorized configuration changes. Security professionals should consider this vulnerability in their threat modeling for network infrastructure, particularly when assessing the risk of authenticated attackers within network perimeters. The MITRE ATT&CK framework categorizes this type of vulnerability under T1059.001 for command and scripting interpreter, highlighting the need for input validation controls and privilege separation in network device implementations. This vulnerability underscores the critical importance of firmware security updates and proper input validation in embedded network devices that form the foundation of modern network infrastructure.