CVE-2021-45559 – This vulnerability allows authenticated users t... (How to Fix)

Q: What is the severity of CVE-2021-45559?

CVE-2021-45559 has a CVSS score of 8.4 (HIGH). This vulnerability allows authenticated users to execute arbitrary commands on affected NETGEAR WiFi systems. It affects RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850 devices running firmware versions before 3.2.16.6. Attackers with valid credentials can inject malicious commands through vulnerable interfaces.

📋 TL;DR

This vulnerability allows authenticated users to execute arbitrary commands on affected NETGEAR WiFi systems. It affects RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850 devices running firmware versions before 3.2.16.6. Attackers with valid credentials can inject malicious commands through vulnerable interfaces.

💻 Affected Systems

Products:

NETGEAR RBK752
NETGEAR RBR750
NETGEAR RBS750
NETGEAR RBK852
NETGEAR RBR850
NETGEAR RBS850

Versions: Firmware versions before 3.2.16.6

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects both router and satellite units in these WiFi 6 mesh systems. Authentication required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to network takeover, data exfiltration, or use as pivot point for lateral movement within the network.

🟠

Likely Case

Local privilege escalation allowing attackers to modify device settings, intercept traffic, or install persistent backdoors.

🟢

If Mitigated

Limited impact if strong authentication controls and network segmentation prevent unauthorized access to management interfaces.

🌐 Internet-Facing: MEDIUM - Risk depends on whether management interfaces are exposed to the internet, which is not default but sometimes configured.

🏢 Internal Only: HIGH - Any authenticated user on the internal network could potentially exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Requires authenticated access to the device's web interface or API. No public exploit code available as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.16.6 or later

Vendor Advisory: https://kb.netgear.com/000064079/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0055

Restart Required: Yes

Instructions:

1. Log into router web interface. 2. Navigate to Advanced > Administration > Firmware Update. 3. Check for updates and install firmware version 3.2.16.6 or later. 4. Reboot device after update completes.

🔧 Temporary Workarounds

Restrict management access

all

Limit access to device management interfaces to trusted IP addresses only

Use strong authentication

all

Implement complex passwords and consider multi-factor authentication if supported

🧯 If You Can't Patch

Segment affected devices on isolated network VLANs
Implement strict access controls and monitor for suspicious authentication attempts

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface under Advanced > Administration > Firmware Update

Check Version:

Not applicable - check via web interface or mobile app

Verify Fix Applied:

Confirm firmware version is 3.2.16.6 or higher in the same location

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in system logs
Multiple failed authentication attempts followed by successful login
Unexpected configuration changes

Network Indicators:

Unusual outbound connections from router
Traffic patterns inconsistent with normal operation

SIEM Query:

source="netgear-router" AND (event_type="command_execution" OR event_type="config_change")

📊 Metadata

CVE ID: CVE-2021-45559

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-77

Published: December 26, 2021

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-45559, you might also want to check these: