Unrated severityNVD Advisory· Published Dec 26, 2021· Updated Aug 4, 2024

CVE-2021-45632

Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

NETGEAR WiFi systems are vulnerable to pre-authentication command injection, allowing unauthenticated remote attackers to execute arbitrary commands on affected devices.

Vulnerability

A pre-authentication command injection vulnerability exists in several NETGEAR WiFi system models. The flaw resides in the firmware of the affected devices and can be triggered without any authentication. Affected models include CBR750 (firmware before 4.6.3.6), RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850 (all firmware before 3.2.17.12). An unauthenticated attacker can exploit this vulnerability over the network [1].

Exploitation

An attacker with network access to the affected device can send specially crafted requests to the management interface to inject arbitrary commands. No authentication or user interaction is required. The exact attack vector is not detailed in the advisory, but the vulnerability is classified as pre-authentication command injection [1].

Impact

Successful exploitation allows an unauthenticated attacker to execute arbitrary commands with root privileges on the device. This can lead to full compromise of the WiFi system, including information disclosure, denial of service, or use as a pivot for further attacks on the network [1].

Mitigation

NETGEAR has released fixed firmware versions: CBR750 upgrade to 4.6.3.6; all other models upgrade to 3.2.17.12. The advisory was published on 2021-09-26. No workarounds are available; users are strongly advised to update their firmware immediately [1].

References

Security Advisory for Pre-Authentication Command Injection on Some WiFi Systems, PSV-2020-0505

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

NETGEAR/NETGEAR devicesdescription
Netgear/RBK752llm-fuzzy
Range: <3.2.17.12
Netgear/RBK852llm-fuzzy
Range: <3.2.17.12
Netgear/CBR750llm-fuzzy
Range: <4.6.3.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.netgear.com/000064137/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0505mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000