Unrated severityNVD Advisory· Published Dec 26, 2021· Updated Aug 4, 2024

CVE-2021-45633

Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, and RBK852 before 3.2.17.12.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unauthenticated command injection in multiple NETGEAR WiFi systems allows remote attackers to execute arbitrary commands on affected devices.

Vulnerability

A pre-authentication command injection vulnerability exists in several NETGEAR WiFi system models. The flaw resides in the firmware of the affected devices, allowing an unauthenticated attacker to inject arbitrary commands. Affected models and fixed firmware versions are: CBR750 before 4.6.3.6, RBR750, RBR850, RBS750, RBS850, RBK752, and RBK852 all before 3.2.17.12 [1].

Exploitation

An attacker can exploit this vulnerability without any prior authentication or network access credentials. The attack vector is remote, requiring only network connectivity to the affected device. The exact exploitation steps are not publicly detailed, but the advisory confirms that the command injection occurs before authentication, meaning no user interaction or special privileges are needed [1].

Impact

Successful exploitation allows an unauthenticated attacker to execute arbitrary commands on the device with elevated privileges. This can lead to full compromise of the device, including disclosure of sensitive information, modification of device configuration, and potential use as a pivot point for further network attacks [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models: CBR750 firmware version 4.6.3.6, and for the other models firmware version 3.2.17.12. Users are strongly advised to download and install the latest firmware from NETGEAR Support as soon as possible. No workarounds are provided; updating to the patched firmware is the only mitigation [1].

References

Security Advisory for Pre-Authentication Command Injection on Some WiFi Systems, PSV-2020-0514

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

NETGEAR/NETGEAR devicesdescription
Netgear/RBR750llm-fuzzy
Range: <3.2.17.12
Netgear/RBR850llm-fuzzy
Range: <3.2.17.12
Netgear/CBR750llm-fuzzy
Range: <4.6.3.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.netgear.com/000064511/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0514mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000