CVE-2021-45539

Vulnerability

A post-authentication command injection vulnerability exists in the firmware of multiple NETGEAR router and WiFi system models. The vulnerability affects the following devices and versions: R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.28, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.28, and RAX75 before 1.0.3.106 [1]. The vulnerability is exploitable only after an attacker has authenticated to the device's administrative interface.

Exploitation

An attacker must first obtain valid administrative credentials for the affected device. Once authenticated, the attacker can send specially crafted input to a vulnerable parameter or endpoint, leading to command injection. The exact sequence of steps is not publicly detailed, but the advisory confirms that an authenticated user can inject commands into the underlying operating system [1].

Impact

Successful exploitation allows an authenticated attacker to execute arbitrary commands on the device with elevated privileges. This can lead to full compromise of the router or WiFi system, including unauthorized access to network traffic, modification of device configuration, and potential pivot to other devices on the network [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models. Users should update to the following versions or later: R7900P/R7960P/R8000P to 1.4.2.84, R8000 to 1.0.4.74, MR60/MS60 to 1.0.6.110, RAX20/RAX15 to 1.0.2.82, RAX45/RAX50 to 1.0.2.28, RAX80 to 1.0.3.106, and RAX75 to 1.0.3.106 [1]. No workarounds are provided; installing the latest firmware is the only recommended mitigation [1].