CVE-2021-45547

Vulnerability

A post-authentication command injection vulnerability exists in the web interface of multiple NETGEAR routers and WiFi systems. An authenticated user can inject arbitrary operating system commands through a crafted input. Affected models include R7850 (before 1.0.5.74), R7900P (before 1.4.2.84), R7960P (before 1.4.2.84), R8000 (before 1.0.4.74), R8000P (before 1.4.2.84), RAX200 (before 1.0.4.120), RAX75 (before 1.0.4.120), RAX80 (before 1.0.4.120), RBK752 (before 3.2.17.12), RBK852 (before 3.2.17.12), RBR750 (before 3.2.17.12), RBR850 (before 3.2.17.12), RBS750 (before 3.2.17.12), and RBS850 (before 3.2.17.12) [1].

Exploitation

An attacker must have valid administrative credentials to the device's web management interface. With authenticated access, the attacker can send specially crafted HTTP requests that include command injection payloads, leading to arbitrary command execution on the underlying operating system [1].

Impact

Successful exploitation allows the attacker to execute arbitrary commands with root-level privileges, resulting in full compromise of the device. This can lead to unauthorized access, data exfiltration, or further network attacks [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models. Users should update to the latest firmware as soon as possible: R7850 to 1.0.5.74, R7900P/R7960P/R8000P to 1.4.2.84, R8000 to 1.0.4.74, RAX200/RAX75/RAX80 to 1.0.4.120, and RBK752/RBK852/RBR750/RBR850/RBS750/RBS850 to 3.2.17.12 [1]. No workarounds are available; updating firmware is the only mitigation.