CVE-2021-45589

Vulnerability

A post-authentication command injection vulnerability exists in certain NETGEAR WiFi system models. The flaw resides in the management interface of the affected devices, allowing an authenticated user to inject arbitrary operating system commands. The following models are affected when running firmware versions prior to 3.2.16.6: RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850 [1].

Exploitation

An attacker must first obtain valid administrative credentials for the device's web-based management interface. Once authenticated, the attacker can send specially crafted input to a vulnerable parameter, which is then passed unsanitized to a system command. The exact sequence of steps is not publicly detailed, but the advisory confirms that command injection is achievable with authenticated access [1].

Impact

Successful exploitation allows the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. This can lead to full compromise of the device, including unauthorized access to sensitive data, modification of device configuration, and potential use as a pivot point for further attacks on the local network [1].

Mitigation

NETGEAR has released firmware version 3.2.16.6 to address this vulnerability. Users are strongly advised to download and install the latest firmware for their specific model from the NETGEAR Support website. No workarounds are provided, and the vulnerability is not known to be listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].