CVE-2021-45635 in CBR750
Summary
by MITRE • 12/26/2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 12/28/2021
The vulnerability identified as CVE-2021-45635 represents a critical command injection flaw affecting multiple NETGEAR networking devices within the CBR750, RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850 product lines. This vulnerability exposes devices to unauthenticated remote command execution attacks, fundamentally compromising the security posture of affected networks. The flaw exists in the web interface handling of user input, where insufficient validation allows attackers to inject malicious commands that are subsequently executed with elevated privileges on the affected devices.
The technical implementation of this vulnerability stems from improper input sanitization within the device's web management interface. Attackers can exploit this weakness by crafting malicious HTTP requests containing command injection payloads that bypass authentication mechanisms. The vulnerability falls under CWE-77 which specifically addresses command injection flaws, where user-supplied data is directly incorporated into system commands without adequate sanitization or escaping. This allows an attacker to execute arbitrary commands on the device, potentially leading to complete system compromise, data exfiltration, or use as a pivot point for further network attacks.
The operational impact of this vulnerability extends beyond individual device compromise to potentially affect entire network infrastructures. Unauthenticated attackers can gain unauthorized access to network devices without requiring credentials, making the attack surface particularly dangerous in environments where network security is not properly segmented. The affected devices operate in critical network infrastructure roles, meaning their compromise could lead to denial of service, unauthorized network access, or data interception. According to ATT&CK framework, this vulnerability maps to T1059.001 for command and scripting interpreter, representing a direct path for attackers to execute malicious code on target systems.
Network administrators should prioritize immediate remediation of affected devices through firmware updates to versions 4.6.3.6 or later for CBR750 models and 3.2.17.12 or later for all other affected RBK and RBR models. The vulnerability affects devices that have been in production for several years, highlighting the importance of ongoing security maintenance and patch management processes. Organizations should implement network segmentation to limit the potential impact of such compromises, deploy intrusion detection systems to monitor for suspicious traffic patterns, and consider temporary network access restrictions to affected devices until patches are applied. The vulnerability demonstrates the critical need for manufacturers to implement robust input validation and authentication mechanisms in network infrastructure devices, particularly those with web-based management interfaces that are accessible from untrusted networks.