CVE-2021-45620 in CBR40info

Summary

by MITRE • 12/26/2021

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MR80 before 1.1.2.20, MS60 before 1.0.6.116, MS80 before 1.1.2.20, MK62 before 1.0.6.116, MK83 before 1.1.2.20, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 12/28/2021

This command injection vulnerability in NETGEAR devices represents a critical security flaw that allows unauthenticated attackers to execute arbitrary commands on affected routers and access points. The vulnerability stems from insufficient input validation in the web interface of these networking devices, specifically in how they process user-supplied data in HTTP requests. Attackers can exploit this weakness by crafting malicious payloads that bypass authentication mechanisms and directly inject command sequences into the underlying operating system. This flaw affects a wide range of NETGEAR consumer and business networking equipment spanning multiple product lines including CBR, EAX, LAX, MR, MS, MK, R, RAX, RBK, RBR, RBS, RS, XR, and others. The vulnerability exists in firmware versions prior to the specified patches, indicating that device manufacturers released updates to address this specific security gap. This type of vulnerability is classified as CWE-77 according to the Common Weakness Enumeration catalog, which specifically addresses command injection flaws in software systems.

The operational impact of this vulnerability extends far beyond simple unauthorized access to device management interfaces. An attacker who successfully exploits this command injection flaw can gain complete control over the affected device, potentially enabling them to modify network configurations, redirect traffic, install malware, or use the device as a pivot point for attacking other systems within the local network. The unauthenticated nature of this vulnerability makes it particularly dangerous as it requires no prior credentials or access privileges to exploit. Network traffic passing through compromised devices could be monitored, modified, or disrupted, leading to potential data breaches or service interruptions. Organizations relying on these devices for network infrastructure may experience significant security risks, especially in environments where these devices are exposed to untrusted network segments or where they serve as gateways to sensitive internal systems.

Mitigation strategies for this vulnerability should include immediate firmware updates from NETGEAR to the latest versions that contain patches addressing the command injection flaw. Network administrators should also implement network segmentation to limit the potential attack surface, ensuring that critical systems are not directly accessible from less secure network segments. Monitoring network traffic for suspicious command execution patterns and implementing intrusion detection systems can help identify exploitation attempts. Device access controls should be strengthened by disabling unnecessary services, changing default credentials, and configuring proper firewall rules. Security assessments should include vulnerability scanning to identify any remaining affected devices within the network infrastructure. Organizations should also consider implementing network access control policies that limit which devices can communicate with critical network infrastructure. The ATT&CK framework categorizes this vulnerability under T1059.001 for command and scripting interpreter, indicating that exploitation involves the execution of commands through the system's command-line interface, which aligns with the nature of this command injection flaw. Regular security audits and patch management processes should be established to prevent similar vulnerabilities from being introduced in future device deployments or firmware updates.

Responsible

MITRE

Reservation

12/25/2021

Disclosure

12/26/2021

Moderation

accepted

CPE

ready

EPSS

0.02020

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!