CVE-2021-45597

8.4 HIGH

📋 TL;DR

This is a post-authentication command injection in the web management interface of several NETGEAR WiFi systems (CBR40, CBR750, RBR850 and RBS850) running firmware older than the fixed releases listed below. An attacker who already holds valid administrator credentials can inject operating-system commands through the web interface and run them on the device itself, which is more than the administrative UI is meant to allow.

💻 Affected Systems

Products:
  • NETGEAR CBR40
  • NETGEAR CBR750
  • NETGEAR RBR850
  • NETGEAR RBS850
Versions: CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the web management interface. All default configurations of affected firmware versions are vulnerable.


⚠️ Risk & Real-World Impact

🔴

Worst Case

Full device compromise allowing attackers to install persistent backdoors, intercept network traffic, pivot to internal networks, or use the device for botnet activities.

🟠

Likely Case

Local network compromise: an attacker who already has (or guesses, phishes or reuses) the admin password escalates from web-UI access to OS-level command execution on the router, then modifies device settings, intercepts traffic, or reaches devices behind it.

🟢

If Mitigated

Limited impact if strong authentication controls, network segmentation, and proper access controls are implemented.

🌐 Internet-Facing: MEDIUM - Devices exposed to the internet are vulnerable if attackers obtain valid credentials through other means.
🏢 Internal Only: HIGH - Authenticated users on the local network can exploit this vulnerability to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid credentials but is straightforward once authenticated. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: CBR40: 2.5.0.24, CBR750: 4.6.3.6, RBR850: 3.2.17.12, RBS850: 3.2.17.12

Vendor Advisory: https://kb.netgear.com/000064142/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0539

Restart Required: Yes

Instructions:

1. Log into the NETGEAR router web interface.
2. Navigate to Advanced > Administration > Firmware Update.
3. Check for updates, or manually download the firmware from the NETGEAR support site.
4. Upload and install the patched firmware version.
5. Reboot the device after installation.

🔧 Temporary Workarounds

Restrict web interface access

all

Limit access to the router's web management interface to trusted IP addresses only.

Change default credentials

all

Ensure strong, unique passwords are set for all administrative accounts.

🧯 If You Can't Patch

  • Segment affected devices on isolated network VLANs
  • Implement strict access controls and monitor for suspicious authentication attempts

🔍 How to Verify

Check if Vulnerable:

Confirm the model is one of CBR40, CBR750, RBR850 or RBS850, then read the running firmware version under Advanced > Administration > Firmware Update. Any version earlier than the fixed release for that model is vulnerable; compare the dotted fields numerically, not as strings (2.5.0.9 is older than 2.5.0.24).

Check Version:

Login to router web interface and navigate to Advanced > Administration > Firmware Update to view current version

Verify Fix Applied:

Verify firmware version matches or exceeds patched versions: CBR40: 2.5.0.24+, CBR750: 4.6.3.6+, RBR850: 3.2.17.12+, RBS850: 3.2.17.12+
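The comparison above is easy to get wrong when done by eye or with a string compare, so here is a small checker as an added example (not NETGEAR's code and not from the advisory). It uses the fixed versions from this page; the handling of a leading "V" and a trailing "_build" suffix is an assumption about how the router UI displays versions, and the sample inventory is constructed.

```python
"""Firmware version check for CVE-2021-45597 (added example, not NETGEAR's code).

Compares a device's reported firmware version against the fixed versions
from the advisory. Fields are compared numerically, because a plain string
comparison gets '2.5.0.9' vs '2.5.0.24' wrong.
"""
from typing import Optional

# Fixed firmware versions from the advisory (model -> first patched release).
FIXED_VERSIONS = {
    "CBR40": "2.5.0.24",
    "CBR750": "4.6.3.6",
    "RBR850": "3.2.17.12",
    "RBS850": "3.2.17.12",
}


def parse_version(version: str) -> tuple:
    """Turn a dotted version such as 'V2.5.0.24_1.0.1' into a comparable tuple.

    Stripping a leading 'V' and a trailing '_<build>' suffix is an assumption
    about how the router UI displays versions, not something the advisory states.
    """
    core = version.strip().lstrip("Vv").split("_", 1)[0]
    parts = []
    for field in core.split("."):
        if not field.isdigit():
            raise ValueError(f"unparseable version field {field!r} in {version!r}")
        parts.append(int(field))
    return tuple(parts)


def is_vulnerable(model: str, version: str) -> Optional[bool]:
    """True if model/version is affected, False if patched, None if the model
    is not listed in this advisory (no claim either way)."""
    fixed = FIXED_VERSIONS.get(model.upper())
    if fixed is None:
        return None
    return parse_version(version) < parse_version(fixed)


def check_inventory(devices):
    """Return the (model, version) pairs from an inventory that are vulnerable."""
    return [(m, v) for m, v in devices if is_vulnerable(m, v)]


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    inventory = [
        ("CBR40", "V2.5.0.9_1.0.1"),   # vulnerable; a string compare would say otherwise
        ("CBR40", "V2.5.0.24"),        # patched
        ("RBR850", "3.2.17.12"),       # patched
        ("RBS850", "3.2.16.6"),        # vulnerable
        ("CBR750", "4.6.3.6"),         # patched
        ("R7000", "1.0.11.116"),       # not covered by this advisory
    ]
    for model, ver in inventory:
        state = is_vulnerable(model, ver)
        print(model, ver, "VULNERABLE" if state else ("patched" if state is False else "not listed"))
```

Feed it your own inventory as (model, version) pairs; a `None` result means the model is simply outside this advisory, which should not be read as "patched".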

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in system logs
  • Multiple failed authentication attempts followed by successful login
  • Unexpected configuration changes

Network Indicators:

  • Unusual outbound connections from router
  • Traffic patterns suggesting command and control activity

SIEM Query (illustrative):

source="router_logs" AND (event="command_injection" OR event="shell_execution")

The event names above are placeholders, not fields that NETGEAR firmware emits; consumer router syslog does not record command execution at all. In practice, forward the router's syslog to a collector and alert on the indicators listed above, in particular a burst of failed admin logins followed by a successful one from the same source, and configuration changes outside maintenance windows.
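The "failed logins followed by success" indicator is the one that can actually be tested against log data, so here is the correlation logic as an added example (not from the page or from NETGEAR). The log format, the field names in LINE_RE and the sample lines are all constructed for illustration; NETGEAR routers do not emit these exact lines, so adapt the regex to what your router or syslog collector produces.

```python
"""Detect a burst of failed admin logins followed by a success from the same
source (added example, not NETGEAR's code).

The log format below is constructed for illustration. Adjust LINE_RE to the
lines your router or syslog collector actually produces.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample lines, not real NETGEAR output.
SAMPLE_LOG = """\
2021-12-21T10:00:01Z router auth: login failed user=admin src=192.168.1.50
2021-12-21T10:00:04Z router auth: login failed user=admin src=192.168.1.50
2021-12-21T10:00:07Z router auth: login failed user=admin src=192.168.1.50
2021-12-21T10:00:09Z router auth: login failed user=admin src=192.168.1.50
2021-12-21T10:00:15Z router auth: login ok user=admin src=192.168.1.50
2021-12-21T10:05:00Z router auth: login failed user=admin src=192.168.1.20
2021-12-21T10:30:00Z router auth: login ok user=admin src=192.168.1.20
2021-12-21T11:00:00Z router config: setting changed name=remote_mgmt value=on src=192.168.1.50
"""

# Hypothetical line shape; edit for your collector's format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) router auth: login (?P<result>ok|failed) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_auth_events(text):
    """Yield (timestamp, result, user, src) for auth lines; skip everything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield ts, m["result"], m["user"], m["src"]


def detect_bruteforce_then_success(text, threshold=3, window_s=300):
    """Alert when one source accumulates >= threshold failed logins within
    window_s seconds and then logs in successfully. Returns a list of alerts."""
    recent_failures = defaultdict(deque)  # src -> timestamps of recent failures
    alerts = []
    for ts, result, user, src in parse_auth_events(text):
        failures = recent_failures[src]
        # Evict failures that have aged out of the window.
        while failures and (ts - failures[0]).total_seconds() > window_s:
            failures.popleft()
        if result == "failed":
            failures.append(ts)
        elif len(failures) >= threshold:
            alerts.append({
                "src": src,
                "user": user,
                "failures": len(failures),
                "success_at": ts.isoformat(),
            })
            failures.clear()  # one alert per burst
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce_then_success(SAMPLE_LOG):
        print(alert)
```

In the constructed sample only 192.168.1.50 trips the rule: four failures in eight seconds and then a successful login. The single failure from 192.168.1.20 is outside the five-minute window by the time that host logs in, so it stays quiet. Tune `threshold` and `window_s` to your environment; on a home or small-office router, even a lower threshold is reasonable because legitimate admin logins are rare.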
