CVE-2021-45577 – This vulnerability allows authenticated users t... (How to Fix)

Q: What is the severity of CVE-2021-45577?

CVE-2021-45577 has a CVSS score of 8.4 (HIGH). This vulnerability allows authenticated users to execute arbitrary commands on affected NETGEAR WiFi systems. It affects RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850 devices running firmware versions before 3.2.16.6.

📋 TL;DR

This vulnerability allows authenticated users to execute arbitrary commands on affected NETGEAR WiFi systems. It affects RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850 devices running firmware versions before 3.2.16.6.

💻 Affected Systems

Products:

NETGEAR RBK752
NETGEAR RBR750
NETGEAR RBS750
NETGEAR RBK852
NETGEAR RBR850
NETGEAR RBS850

Versions: Firmware versions before 3.2.16.6

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All affected devices with default configurations are vulnerable. Requires authenticated access to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise allowing attacker to install persistent backdoors, steal credentials, pivot to internal networks, or disrupt network services.

🟠

Likely Case

Privilege escalation leading to unauthorized access to device configuration, network traffic interception, or denial of service.

🟢

If Mitigated

Limited impact if strong authentication controls and network segmentation prevent unauthorized access to management interfaces.

🌐 Internet-Facing: HIGH if management interfaces are exposed to the internet, as authenticated attackers could gain full control.

🏢 Internal Only: MEDIUM as it requires authenticated access, but insider threats or compromised credentials could lead to significant impact.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access to the device's management interface. The vulnerability is in post-authentication functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.16.6 or later

Vendor Advisory: https://kb.netgear.com/000064099/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0085

Restart Required: Yes

Instructions:

1. Log into the router's web interface. 2. Navigate to Advanced > Administration > Firmware Update. 3. Check for updates and install firmware version 3.2.16.6 or later. 4. The device will reboot automatically after installation.

🔧 Temporary Workarounds

Restrict Management Access

all

Limit access to router management interfaces to trusted IP addresses only

Use Strong Authentication

all

Implement complex passwords and consider multi-factor authentication if supported

🧯 If You Can't Patch

Isolate affected devices in a separate VLAN with strict network segmentation
Implement strict access controls and monitor for suspicious authentication attempts

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface under Advanced > Administration > Firmware Update

Check Version:

No CLI command available. Check via web interface at Advanced > Administration > Firmware Update

Verify Fix Applied:

Verify firmware version shows 3.2.16.6 or later after update

📡 Detection & Monitoring

Log Indicators:

Unusual command execution patterns in system logs
Multiple failed authentication attempts followed by successful login

Network Indicators:

Unusual outbound connections from router management IP
Traffic patterns suggesting command and control activity

SIEM Query:

source="router_logs" AND (event_type="command_execution" OR event_type="system_call")

📊 Metadata

CVE ID: CVE-2021-45577

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-77

Published: December 26, 2021

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-45577, you might also want to check these: