Unrated severityNVD Advisory· Published Dec 26, 2021· Updated Aug 4, 2024

CVE-2021-45546

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, and RBS850 before 3.2.17.12.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated command injection vulnerability in multiple NETGEAR routers and WiFi systems allows attackers to execute arbitrary commands.

Vulnerability

This post-authentication command injection vulnerability affects multiple NETGEAR devices, including R7850, R7900P, R7960P, R8000, R8000P, RAX200, RAX75, RAX80, RBK752, RBK852, RBR750, RBR850, RBS750, and RBS850. The vulnerability exists in firmware versions prior to the fixed versions listed in the advisory [1]. An authenticated user can inject arbitrary commands through a vulnerable input field.

Exploitation

An attacker must have valid credentials to the device's web interface. The exact attack vector is not detailed in the advisory, but it involves sending crafted input that is not properly sanitized, leading to command injection. No user interaction beyond authentication is required.

Impact

Successful exploitation allows an authenticated attacker to execute arbitrary commands on the device with root privileges, potentially leading to full compromise of the device and network.

Mitigation

NETGEAR has released firmware updates for all affected models: R7850 to 1.0.5.74, R7900P/R7960P/R8000P to 1.4.2.84, R8000 to 1.0.4.74, RAX200/RAX75/RAX80 to 1.0.4.120, and Orbi systems (RBK752, RBK852, RBR750, RBR850, RBS750, RBS850) to 3.2.17.12 [1]. Users should update immediately. No workarounds are provided.

References

Security Advisory for Post-Authentication Command Injection on Some Routers and WiFi Systems, PSV-2020-0566

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

NETGEAR/NETGEAR devicesdescription
Netgear/R7960Pllm-fuzzy
Range: <1.4.2.84
Netgear/R7900Pllm-fuzzy
Range: <1.4.2.84
Netgear/R7850llm-fuzzy
Range: <1.0.5.74

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.netgear.com/000064524/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0566mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000