VYPR
Unrated severity · NVD Advisory · Published Dec 26, 2021 · Updated Aug 4, 2024

CVE-2021-45549

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An authenticated command injection vulnerability in many NETGEAR routers and extenders allows an attacker to execute arbitrary commands on the device.

Vulnerability

CVE-2021-45549 is a post-authentication command injection vulnerability affecting numerous NETGEAR devices. The flaw resides in the firmware of certain routers, extenders, and WiFi systems, where an authenticated user can inject arbitrary operating system commands. Affected models and fixed versions include LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58 [1].

Exploitation

To exploit CVE-2021-45549, an attacker must first have a valid authenticated session on the affected device. The specific input vectors and the exact sequence of steps are not publicly detailed in the available references, but the vulnerability is classified as a post-authentication command injection, meaning the attacker sends specially crafted requests to the device's management interface or web UI to inject commands [1].

Impact

Successful exploitation allows an authenticated attacker to execute arbitrary commands on the underlying operating system of the device. This can lead to full device compromise, including the ability to modify configuration, exfiltrate sensitive data, or launch further attacks on the network. The privilege level achieved is that of the web server process, which typically runs with root or high privileges on such devices [1].

Mitigation

NETGEAR has released firmware updates to fix this vulnerability for all affected models. Users should upgrade to the latest firmware version for their specific device as listed above. The security advisory was first published on December 22, 2021, and updates are available for download from NETGEAR Support [1]. There is no known workaround besides applying the firmware patch.
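The following is an added example, not code from NETGEAR or from this page's sources: it parses the "model before version" list in the description above and checks a device inventory against it, comparing versions numerically. The inventory rows and the `V<version>_<build>` firmware-string shape are constructed assumptions.

```python
import re

# Affected-model sentence copied from the CVE-2021-45549 description on this page.
ADVISORY = (
    "LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, "
    "MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, "
    "R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, "
    "R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, "
    "R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, "
    "RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, "
    "RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, "
    "RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, "
    "RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58."
)

def parse_version(text):
    """First dotted version in text as an int tuple (so 1.0.11.x > 1.0.9.x), or None."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    return tuple(int(p) for p in m.group().split(".")) if m else None

def fixed_versions(advisory=ADVISORY):
    """Map upper-cased model name to its first fixed firmware version."""
    pairs = re.findall(r"\b([A-Za-z]+\d+[A-Za-z0-9]*) before (\d+(?:\.\d+)+)", advisory)
    return {model.upper(): parse_version(ver) for model, ver in pairs}

def audit(inventory):
    """Classify (host, model, firmware) rows against the advisory's fixed versions."""
    fixed = fixed_versions()
    results = {}
    for host, model, firmware in inventory:
        minimum = fixed.get(model.strip().upper())  # exact model match only
        current = parse_version(firmware)
        if minimum is None:
            results[host] = "not-listed"   # e.g. R6400 is not R6400v2
        elif current is None:
            results[host] = "unparsed"     # needs manual review
        else:
            results[host] = "vulnerable" if current < minimum else "patched"
    return results

# Constructed inventory: hostnames and firmware strings are made up for illustration.
INVENTORY = [
    ("gw-branch-01", "R7000", "V1.0.9.88_10.2.88"),
    ("gw-branch-02", "R7000", "V1.0.11.116_10.2.100"),
    ("ap-lab-01", "rax200", "1.0.4.120"),
    ("gw-home-03", "R6400v2", "1.0.4.98"),
    ("gw-old-04", "R6400", "1.0.1.70"),
    ("ap-lab-02", "RAX80", "unknown"),
]
print(audit(INVENTORY))
```

A plain string comparison would rank 1.0.9.88 above 1.0.11.116 and report the first R7000 as patched, which is why the versions are compared as integer tuples.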

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • NETGEAR/NETGEAR devices (description)
  • Netgear/LAX20 (llm-fuzzy)
    Range: <1.1.6.28

Patches

0

No patches discovered yet.

References

1
