Unrated severityNVD Advisory· Published Dec 26, 2021· Updated Aug 4, 2024

CVE-2021-45536

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated command injection in multiple NETGEAR routers and WiFi systems allows attackers to execute arbitrary commands.

Vulnerability

A post-authentication command injection vulnerability exists in several NETGEAR routers and WiFi systems. The affected models are RAX75, RAX80, RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, running firmware versions prior to 1.0.3.106 (for RAX75/RAX80) or prior to 3.2.16.6 (for the WiFi systems) [1]. An authenticated user can inject commands via a vulnerable input field.

Exploitation

An attacker must have valid credentials to log into the device's web interface. After authentication, the attacker can send specially crafted HTTP requests containing operating system commands. The advisory does not disclose the exact vulnerable parameter, but typical exploitation involves injecting command separators into fields that are insufficiently sanitized [1].

Impact

Successful exploitation allows the attacker to execute arbitrary commands on the device with elevated privileges. This can lead to full compromise of the affected device, including unauthorized access to network traffic, modification of settings, and potential lateral movement within the network [1].

Mitigation

NETGEAR has released firmware fixes for all affected models. Users should update RAX75 and RAX80 to version 1.0.3.106 or later, and the WiFi system models (RBK752, RBR750, RBS750, RBK852, RBR850, RBS850) to version 3.2.16.6 or later [1]. No workarounds are provided; updating to the latest firmware is the only recommended mitigation.

References

Security Advisory for Post-Authentication Command Injection on Some Routers and WiFi Systems, PSV-2020-0056

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

NETGEAR/NETGEAR devicesdescription
Netgear/RBK752llm-fuzzy
Range: <3.2.16.6
Netgear/RAX75llm-fuzzy
Range: <1.0.3.106
Netgear/RAX80llm-fuzzy
Range: <1.0.3.106

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.netgear.com/000064080/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0056mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000