Vulnerability Details : CVE-2021-45661
Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.
Products affected by CVE-2021-45661
- cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-45661
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-45661
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
7.1
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
1.8
|
5.2
|
MITRE | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2021-45661
-
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-45661
-
https://kb.netgear.com/000064065/Security-Advisory-for-Server-Side-Injection-on-Some-WiFi-Systems-PSV-2019-0134
Security Advisory for Server Side Injection on Some WiFi Systems, PSV-2019-0134 | Answer | NETGEAR SupportPatch;Vendor Advisory
Jump to