CVE-2021-45544

Vulnerability

A post-authentication command injection vulnerability exists in the web interface of certain NETGEAR routers and WiFi systems. Affected models include R7850 (before 1.0.5.74), R7900P (before 1.4.2.84), R7960P (before 1.4.2.84), R8000 (before 1.0.4.74), R8000P (before 1.4.2.84), RAX200 (before 1.0.4.120), RAX75 (before 1.0.4.120), RAX80 (before 1.0.4.120), RBK852 (before 3.2.17.12), RBR850 (before 3.2.17.12), and RBS850 (before 3.2.17.12). The vulnerability requires an authenticated user to exploit it [1].

Exploitation

An attacker must have valid credentials to the device's web interface. By sending a specially crafted input to a vulnerable parameter, the attacker can inject arbitrary operating system commands. No additional user interaction is required beyond the initial authentication [1].

Impact

Successful exploitation allows an authenticated attacker to execute arbitrary commands with root privileges, leading to full compromise of confidentiality, integrity, and availability of the device [1].

Mitigation

NETGEAR has released firmware updates to fix this vulnerability. Users should upgrade to the following versions: R7850 to 1.0.5.74, R7900P/R7960P/R8000P to 1.4.2.84, R8000 to 1.0.4.74, RAX200/RAX75/RAX80 to 1.0.4.120, and RBK852/RBR850/RBS850 to 3.2.17.12. No workarounds are available; updating the firmware is the only recommended mitigation [1].