Unrated severity · NVD Advisory · Published Dec 26, 2021 · Updated Aug 4, 2024

CVE-2021-45540

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7000 before 1.0.11.126, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX45 before 1.0.2.66, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX50 before 1.0.2.66, and RAX75 before 1.0.3.106.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

NETGEAR fixes command injection in multiple routers (R7000, R7900, R8000, RAX series, etc.) allowing authenticated attackers to execute arbitrary commands.

Vulnerability

A post-authentication command injection vulnerability exists in the web interfaces of multiple NETGEAR router and WiFi system models. The flaw affects R7000 before 1.0.11.126, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX45 before 1.0.2.66, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX50 before 1.0.2.66, and RAX75 before 1.0.3.106 [1].

Exploitation

An attacker must first authenticate to the device's web interface with valid credentials. Once authenticated, the attacker can send specially crafted input to an unspecified parameter, which is then used to construct and execute system commands. The advisory notes that the attacker requires user interaction or write access to trigger the vulnerable code path [1].

Impact

Successful exploitation allows an authenticated attacker to execute arbitrary operating system commands on the affected device. This can lead to full compromise of the router, including data exfiltration, configuration changes, denial of service, and further network intrusion. The attack achieves command injection at the root privilege level [1].

Mitigation

NETGEAR released fixed firmware for all affected models. Users should update to the following versions or later: R7000 1.0.11.126, R7900 1.0.4.46, R7900P 1.4.2.84, R7960P 1.4.2.84, R8000 1.0.4.74, R8000P 1.4.2.84, RAX200 1.0.3.106, MR60 1.0.6.110, RAX45 1.0.2.66, RAX80 1.0.3.106, MS60 1.0.6.110, RAX50 1.0.2.66, and RAX75 1.0.3.106. Firmware is available from NETGEAR Support [1]. No workaround is provided; upgrading is the only mitigation.
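The version check implied by the list above, as an added example (not code from the advisory or from NETGEAR): it audits a device inventory against the fixed versions and compares the version fields numerically, because a plain string comparison ranks 1.0.9.x above 1.0.11.126. The inventory rows, host names, and the handling of a leading `V` and a trailing `_build` suffix are assumptions.

```python
import re

# Fixed firmware versions per model, copied from the advisory text above.
FIXED = {
    "R7000": "1.0.11.126", "R7900": "1.0.4.46", "R7900P": "1.4.2.84",
    "R7960P": "1.4.2.84", "R8000": "1.0.4.74", "R8000P": "1.4.2.84",
    "RAX200": "1.0.3.106", "MR60": "1.0.6.110", "RAX45": "1.0.2.66",
    "RAX80": "1.0.3.106", "MS60": "1.0.6.110", "RAX50": "1.0.2.66",
    "RAX75": "1.0.3.106",
}

def parse_version(text):
    """Return the leading four-field dotted version as a tuple of ints.

    Assumption: a leading 'V' and anything after the fourth field (such as
    an '_<build>' suffix) are not part of the version the advisory compares.
    """
    m = re.match(r"\s*[Vv]?(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(g) for g in m.groups())

def classify(model, firmware):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unparsed'."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"   # model is not named in this advisory
    try:
        running = parse_version(firmware)
    except ValueError:
        return "unparsed"     # needs manual review; never assume fixed
    return "vulnerable" if running < parse_version(fixed) else "fixed"

def audit(inventory):
    """Classify every (host, model, firmware) row of an inventory."""
    return [(h, m, fw, classify(m, fw)) for h, m, fw in inventory]

# Constructed sample inventory (hypothetical hosts and version strings).
INVENTORY = [
    ("gw-branch-01", "R7000", "V1.0.9.88_10.2.88"),    # string compare says "newer"
    ("gw-branch-02", "R7000", "V1.0.11.126_10.2.112"),
    ("gw-lab-01", "rax80", "1.0.3.88"),
    ("gw-lab-02", "R6400", "1.0.1.52"),                # not in this advisory
    ("mesh-01", "MS60", "unknown"),
]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print("{:<14}{:<8}{:<24}{}".format(*row))
```

Rows reported as `unparsed` or `not-listed` should be checked by hand rather than treated as patched.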

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4


References

1
