CVE-2021-45533

Vulnerability

A post-authentication command injection vulnerability exists in certain NETGEAR extenders and WiFi systems. The vulnerability affects the following models and firmware versions: EX6120 before 1.0.0.66, EX6130 before 1.0.0.46, EX7000 before 1.0.1.106, EX7500 before 1.0.1.76, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, RBR850 before 4.6.3.9, RBS850 before 4.6.3.9, and RBK852 before 4.6.3.9 [1]. An authenticated user can inject arbitrary operating system commands through a specially crafted request to the device's management interface.

Exploitation

To exploit this vulnerability, an attacker must first authenticate to the device's web-based management interface using valid administrator credentials. After authentication, the attacker sends a crafted HTTP request to a vulnerable endpoint, embedding shell metacharacters that the firmware fails to sanitize [1]. The injected commands are then executed with root-level privileges on the device.

Impact

Successful exploitation allows an authenticated attacker to execute arbitrary commands as root on the affected device. This leads to full compromise of the device, enabling the attacker to read or modify sensitive configuration data, install malicious software, or pivot to other devices on the local network. The attack does not require any additional privileges beyond the initial administrator authentication.

Mitigation

NETGEAR has released firmware updates that fix this vulnerability. The fixed versions are: EX6120 firmware version 1.0.0.66, EX6130 firmware version 1.0.0.46, EX7000 firmware version 1.0.1.106, EX7500 firmware version 1.0.1.76, EX3700 firmware version 1.0.0.94, EX3800 firmware version 1.0.0.94, RBR850 firmware version 4.6.3.9, RBS850 firmware version 4.6.3.9, and RBK852 firmware version 4.6.3.9 [1]. Users should download and install the latest firmware from the NETGEAR Support website as soon as possible [1]. No workarounds are available; the only mitigation is to apply the firmware update [1].