CVE-2021-45556

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GS108Tv2 before 5.4.2.36, GS110TPP before 7.0.7.2, GS110TPv2 before 5.4.2.36., GS110TPv3 before 7.0.7.2, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

Published: Dec 26, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-45556
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
netgear / gs108tv2_firmware	-	5.4.2.36
netgear / gs110tpp_firmware	-	7.0.7.2
netgear / gs110tpv2_firmware	-	5.4.2.36
netgear / gs308t_firmware	-	1.0.3.2
netgear / gs110tpv3_firmware	-	7.0.7.2
netgear / gs310tp_firmware	-	1.0.3.2
netgear / gs724tpp_firmware	-	2.0.6.3
netgear / gs724tpv2_firmware	-	2.0.6.3
netgear / gs728tppv2_firmware	-	6.0.8.2
netgear / gs728tpv2_firmware	-	6.0.8.2
netgear / gs752tpp_firmware	-	6.0.8.2
netgear / gs752tpv2_firmware	-	6.0.8.2
netgear / ms510txm_firmware	-	1.0.4.2
netgear / ms510txup_firmware	-	1.0.4.2

https://kb.netgear.com/000064534/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Smart-Managed-Pro-Switches-PSV-2021-0175

Vulnerability Database

289,871

CVE-2021-45556