CVE-2021-45567 – This vulnerability allows authenticated users t... (How to Fix)

Q: What is the severity of CVE-2021-45567?

CVE-2021-45567 has a CVSS score of 8.4 (HIGH). This vulnerability allows authenticated users to execute arbitrary commands on affected NETGEAR WiFi systems through command injection. It affects RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850 devices running firmware versions before 3.2.16.6.

📋 TL;DR

This vulnerability allows authenticated users to execute arbitrary commands on affected NETGEAR WiFi systems through command injection. It affects RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850 devices running firmware versions before 3.2.16.6.

💻 Affected Systems

Products:

NETGEAR RBK752
NETGEAR RBR750
NETGEAR RBS750
NETGEAR RBK852
NETGEAR RBR850
NETGEAR RBS850

Versions: Firmware versions before 3.2.16.6

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated access to the web interface or API. Affects both router and satellite units in mesh systems.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An authenticated attacker could gain full control of the device, pivot to internal networks, install persistent backdoors, or use the device as a launch point for further attacks.

🟠

Likely Case

An authenticated malicious insider or compromised account could execute commands to disrupt network services, steal credentials, or modify device configurations.

🟢

If Mitigated

With proper access controls and network segmentation, impact is limited to the affected device only.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires valid credentials. The vulnerability is in post-authentication functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.16.6 or later

Vendor Advisory: https://kb.netgear.com/000064089/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0075

Restart Required: Yes

Instructions:

1. Log into NETGEAR router web interface. 2. Navigate to Advanced > Administration > Firmware Update. 3. Check for updates and install firmware version 3.2.16.6 or later. 4. Reboot the device after update completes.

🔧 Temporary Workarounds

Restrict administrative access

all

Limit administrative interface access to trusted IP addresses only

Use strong authentication

all

Enforce complex passwords and consider multi-factor authentication if supported

🧯 If You Can't Patch

Segment affected devices on isolated network segments
Implement strict access controls and monitor for suspicious administrative activity

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface under Advanced > Administration > Firmware Update

Check Version:

Check web interface or use: curl -k https://router-ip/currentsetting.htm | grep firmware

Verify Fix Applied:

Verify firmware version shows 3.2.16.6 or higher after update

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in system logs
Multiple failed authentication attempts followed by successful login
Configuration changes from unexpected sources

Network Indicators:

Unusual outbound connections from router
Traffic patterns inconsistent with normal operation

SIEM Query:

source="netgear-router" AND (event_type="command_execution" OR event_type="config_change")

📊 Metadata

CVE ID: CVE-2021-45567

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-77

Published: December 26, 2021

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-45567, you might also want to check these: