CVE-2021-45560

Vulnerability

CVE-2021-45560 is a post-authentication command injection vulnerability affecting multiple NETGEAR Orbi WiFi system models: RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850. All devices running firmware versions prior to 3.2.16.6 are affected [1]. The vulnerability resides in the device's administrative interface, which fails to properly sanitize input from authenticated users, allowing injection of arbitrary system commands [1]. The attacker must already have valid administrative credentials to reach the vulnerable code path.

Exploitation

To exploit CVE-2021-45560, an attacker must first authenticate to the affected NETGEAR device's web-based management interface with valid administrative credentials. Once authenticated, the attacker can send specially crafted HTTP requests containing injected commands to the vulnerable endpoint. The exact request parameters and command injection point have not been publicly detailed by NETGEAR, but the advisory confirms the issue as a command injection flaw that can be triggered after authentication [1]. No user interaction beyond the initial login is required; the attacker can proceed programmatically.

Impact

Successful exploitation allows an authenticated attacker to execute arbitrary operating system commands on the affected device with the privilege level of the web server process (typically root or similar high-integrity context). This can lead to full compromise of the device, including unauthorized access to network traffic, modification of device configuration, installation of persistent malware, or use of the device as a pivot point within the victim's local network. The CVSS v3.1 base score is 8.4 (Medium severity due to the Authenticated requirement), and the vector indicates an attack vector of Adjacent Network [1], meaning the attacker must be on the same local wireless or wired segment as the device.

Mitigation

NETGEAR released fixed firmware version 3.2.16.6 for all affected models on or before September 26, 2021 [1]. Users are strongly advised to upgrade to the latest firmware immediately via the NETGEAR Support downloads page [1]. No workarounds have been provided; the only mitigation is to apply the firmware update. If the device cannot be updated, administrators should restrict management access to trusted hosts only and ensure strong credential policies are in place. This vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.