CVE-2021-45593

Vulnerability

CVE-2021-45593 is a post-authentication command injection vulnerability affecting multiple NETGEAR Orbi WiFi system models. The vulnerability is present in firmware versions prior to 2.7.3.22 for the RBR20, RBR40, RBS20, RBS40, RBK20, and RBK40 models, and prior to 2.7.2.102 for the RBR50 and RBK50 models. An authenticated user can inject arbitrary operating system commands through a vulnerable input field, leading to command execution on the device [1].

Exploitation

To exploit this vulnerability, an attacker must first have valid authentication credentials for the affected NETGEAR device. With authenticated access, the attacker can send specially crafted input that bypasses input sanitization, causing the device's firmware to execute injected commands. No additional user interaction or specific network position is required beyond being able to reach the device's management interface [1].

Impact

Successful exploitation allows an authenticated attacker to execute arbitrary commands on the underlying operating system with elevated privileges. This can lead to full compromise of the device, including the ability to modify configurations, exfiltrate sensitive data, or use the device as a pivot point for further attacks on the network [1].

Mitigation

NETGEAR has released fixed firmware versions: 2.7.3.22 for RBR20, RBR40, RBS20, RBS40, RBK20, and RBK40; and 2.7.2.102 for RBR50 and RBK50. Users should update their devices to these versions immediately via the NETGEAR Support download page [1]. No workarounds have been provided by the vendor. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.