CVE-2021-45545

Vulnerability

The vulnerability is a post-authentication command injection flaw affecting multiple NETGEAR router and WiFi system models [1]. The affected versions are: R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12 [1]. The bug resides in the firmware handling of user-supplied input after authentication, where insufficient sanitization allows injection of operating system commands.

Exploitation

An attacker must first authenticate to the device's administrative interface. Once authenticated, the attacker can craft a malicious input that, when processed by the vulnerable component, executes arbitrary commands on the underlying operating system [1]. The exact sequence of steps is not publicly detailed, but the advisory confirms that no user interaction beyond authentication is required.

Impact

Successful exploitation allows an authenticated attacker to execute arbitrary commands on the affected device with elevated privileges [1]. This can lead to full compromise of the device, including unauthorized access to network traffic, modification of device settings, and potential lateral movement within the network.

Mitigation

NETGEAR has released firmware updates to fix the vulnerability [1]. The fixed versions are: R7850 firmware version 1.0.5.74, R7900P firmware version 1.4.2.84, R7960P firmware version 1.4.2.84, R8000 firmware version 1.0.4.74, R8000P firmware version 1.4.2.84, RAX200 firmware version 1.0.4.120, RAX75 firmware version 1.0.4.120, RAX80 firmware version 1.0.4.120, RBK852 firmware version 3.2.17.12, RBR850 firmware version 3.2.17.12, and RBS850 firmware version 3.2.17.12 [1]. Users should download and install the latest firmware from the NETGEAR Support website. No workaround is provided for unpatched devices [1].