CVE-2021-45601

8.4 HIGH

📋 TL;DR

This is a post-authentication command injection: an authenticated user on certain NETGEAR WiFi systems can execute arbitrary commands on the device. It affects specific NETGEAR CBR40, CBR750, RBK852, RBR850, and RBS850 devices running vulnerable firmware versions.

💻 Affected Systems

Products:
  • NETGEAR CBR40
  • NETGEAR CBR750
  • NETGEAR RBK852
  • NETGEAR RBR850
  • NETGEAR RBS850
Versions: CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the device's web interface or API.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could gain full control of the device, potentially compromising the entire network, stealing data, or using the device as a pivot point for further attacks.

🟠 Likely Case

An authenticated malicious user could execute limited commands to disrupt network services, modify device settings, or perform reconnaissance.

🟢 If Mitigated

With proper access controls limiting authenticated users to trusted individuals only, the impact is reduced to potential insider threats.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access, making it primarily an insider threat or post-compromise attack vector.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: CBR40: 2.5.0.24, CBR750: 4.6.3.6, RBK852/RBR850/RBS850: 3.2.17.12

Vendor Advisory: https://kb.netgear.com/000064147/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0563

Restart Required: Yes

Instructions:

1. Log into the NETGEAR device web interface.
2. Navigate to Advanced > Administration > Firmware Update.
3. Check for updates and apply the latest firmware.
4. Reboot the device after the update completes.

🔧 Temporary Workarounds

Restrict administrative access
Applies to: all
Limit device administration to trusted IP addresses and users only.

🧯 If You Can't Patch

  • Implement strict access controls to limit authenticated users to trusted personnel only.
  • Monitor device logs for unusual command execution patterns or configuration changes.

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the device web interface under Advanced > Administration > Firmware Update.

Check Version:

No CLI command available; check via web interface at Advanced > Administration > Firmware Update.

Verify Fix Applied:

Verify the firmware version matches or exceeds the patched versions listed in the fix information.
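The version check above is easy to get wrong at fleet scale, because a plain string comparison ranks "3.2.17.9" above "3.2.17.12". The following checker is an added example (not from NETGEAR or this advisory page); it uses the fixed versions listed in the fix information, assumes firmware strings may carry a leading "V" and an underscore-separated build suffix, and runs over a constructed inventory.

```python
import re
from typing import Optional

# Fixed firmware versions from the advisory for CVE-2021-45601: a device is
# vulnerable when its firmware is strictly older than its model's fixed version.
FIXED_VERSIONS = {
    "CBR40": "2.5.0.24",
    "CBR750": "4.6.3.6",
    "RBK852": "3.2.17.12",
    "RBR850": "3.2.17.12",
    "RBS850": "3.2.17.12",
}

def parse_version(version: str) -> tuple:
    """Turn a dotted firmware string into a tuple of ints so that
    3.2.17.9 < 3.2.17.12 compares correctly (string comparison gets it wrong).
    Assumption: a leading 'V' and anything after an underscore are build
    decorations that do not affect the comparison."""
    core = version.strip().lstrip("Vv").split("_", 1)[0]
    if not re.fullmatch(r"\d+(\.\d+)*", core):
        raise ValueError(f"unparseable firmware version: {version!r}")
    return tuple(int(part) for part in core.split("."))

def is_vulnerable(model: str, firmware: str) -> Optional[bool]:
    """True if below the fixed version, False if fixed or newer,
    None if the model is not covered by this advisory."""
    fixed = FIXED_VERSIONS.get(model.strip().upper())
    if fixed is None:
        return None
    return parse_version(firmware) < parse_version(fixed)

def find_vulnerable(inventory):
    """Return the inventory records that still need the patch."""
    return [rec for rec in inventory
            if is_vulnerable(rec["model"], rec["firmware"]) is True]

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    {"host": "orbi-router-01", "model": "RBR850", "firmware": "V3.2.17.9"},
    {"host": "orbi-sat-01", "model": "RBS850", "firmware": "3.2.17.12"},
    {"host": "cable-gw-01", "model": "CBR40", "firmware": "2.5.0.9_1.0.1"},
    {"host": "cable-gw-02", "model": "CBR750", "firmware": "4.6.3.6"},
    {"host": "other-ap", "model": "RAX40", "firmware": "1.0.3.64"},
]

if __name__ == "__main__":
    for rec in find_vulnerable(SAMPLE_INVENTORY):
        print(f"{rec['host']} ({rec['model']}) on {rec['firmware']} needs the fix")
```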

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in system logs
  • Multiple failed authentication attempts followed by successful login and configuration changes

Network Indicators:

  • Unexpected outbound connections from the device
  • Unusual traffic patterns to/from the device management interface

SIEM Query:

source="netgear_device" AND (event_type="command_execution" OR event_type="configuration_change")
