CVE-2021-45543
Description
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R8000 before 1.0.4.74, RAX200 before 1.0.4.120, R8000P before 1.4.2.84, R7900P before 1.4.2.84, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and RBK852 before 3.2.17.12.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated user can inject arbitrary commands on several NETGEAR routers and WiFi systems, leading to full device compromise.
Vulnerability
A post-authentication command injection vulnerability exists in the firmware of multiple NETGEAR devices, specifically affecting the R8000 (before 1.0.4.74), RAX200 (before 1.0.4.120), R8000P (before 1.4.2.84), R7900P (before 1.4.2.84), RBR850 (before 3.2.17.12), RBS850 (before 3.2.17.12), and RBK852 (before 3.2.17.12) [1]. The flaw allows a user who has already authenticated to the device's management interface to inject OS commands through a vulnerable input field or parameter [1]. The precise code path is not publicly detailed, but the advisory confirms that the injection occurs after authentication, meaning the attacker must have valid credentials or have obtained them via another means [1].
Exploitation
An attacker must first authenticate to the router's or WiFi system's web-based management interface with valid credentials [1]. Once authenticated, the attacker sends a crafted HTTP request containing operating system commands injected into a specific parameter that is not properly sanitized. The device then executes these commands with the privileges of the web server process, which typically runs as root on such embedded systems [1]. No additional user interaction or network position beyond access to the local management interface is required; the attacker can be on the local LAN or remotely if the administration interface is exposed to the WAN [1].
Impact
Successful exploitation allows the attacker to execute arbitrary operating system commands on the affected device [1]. This can lead to complete compromise of the device, including the ability to modify configuration, exfiltrate sensitive data, install persistent backdoors, or leverage the device as a pivot point in the network. The impact is considered high, as the command injection runs with root privileges and can affect all services and networking functions of the device [1].
Mitigation
NETGEAR has released fixed firmware versions for all affected models: R8000 firmware version 1.0.4.74, RAX200 firmware version 1.0.4.120, R8000P firmware version 1.4.2.84, R7900P firmware version 1.4.2.84, RBR850 firmware version 3.2.17.12, RBS850 firmware version 3.2.17.12, and RBK852 firmware version 3.2.17.12 [1]. Users should update their devices to these versions or later as soon as possible; no workaround is provided for devices that cannot be updated [1]. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of this writing.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- NETGEAR/NETGEAR devicesdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.