CVE-2021-45678
📋 TL;DR
NETGEAR RAX200 routers running firmware before version 1.0.5.132 contain insecure code that could allow remote attackers to execute arbitrary commands or take control of the device. This affects all users of these routers who haven't updated to the patched firmware. The vulnerability is particularly dangerous because it can be exploited without authentication.
💻 Affected Systems
- NETGEAR RAX200 Nighthawk Tri-Band WiFi 6 Router
⚠️ Risk & Real-World Impact
Worst Case
Complete device takeover allowing attacker to intercept all network traffic, install malware on connected devices, pivot to internal networks, and maintain persistent access.
Likely Case
Remote code execution leading to router compromise, DNS hijacking, credential theft from network traffic, and potential ransomware deployment.
If Mitigated
Limited impact with proper network segmentation, but still potential for router compromise affecting all connected devices.
🎯 Exploit Status
While no public PoC exists, the high CVSS score and unauthenticated nature make weaponization likely. Attackers can exploit this without any credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.5.132 or later
Vendor Advisory: https://kb.netgear.com/000064171/Security-Advisory-for-Updates-on-the-RAX200-PSV-2021-0192
Restart Required: Yes
Instructions:
1. Log into router admin interface (typically 192.168.1.1 or routerlogin.net).
2. Navigate to Advanced > Administration > Firmware Update.
3. Click 'Check' for updates.
4. If update to 1.0.5.132 or later is available, click 'Yes' to install.
5. Wait for router to reboot (approximately 5-10 minutes).
🔧 Temporary Workarounds
Disable Remote Management
all: Prevents external attackers from accessing router management interface
Network Segmentation
all: Isolate router management interface to separate VLAN
🧯 If You Can't Patch
- Replace vulnerable device with patched or different model
- Place router behind firewall with strict inbound rules
🔍 How to Verify
Check if Vulnerable:
Check firmware version in router admin interface under Advanced > Administration > Firmware Update
Check Version:
Not applicable - check via web interface at 192.168.1.1 or routerlogin.net
Verify Fix Applied:
Confirm firmware version shows 1.0.5.132 or higher after update
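When the version check above has to be repeated across several routers, the comparison must be numeric per component, because a plain string comparison ranks 1.0.5.99 above 1.0.5.132. The following is an added example, not vendor or site code; the device names, the sample inventory, and the tolerated "V" prefix and build suffix are assumptions about how a version string might be recorded.

```python
import re

FIXED = (1, 0, 5, 132)  # first patched RAX200 firmware per the advisory above

# Assumption: a recorded version is four dot-separated integers, optionally
# prefixed with "V" and followed by a build suffix, which is ignored.
_VERSION_RE = re.compile(r"^\s*[Vv]?(\d+)\.(\d+)\.(\d+)\.(\d+)(?:\D.*)?$")


def parse_version(text):
    """Return the version as a tuple of ints, or raise ValueError."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_patched(text):
    """True when the version is 1.0.5.132 or higher, compared numerically."""
    return parse_version(text) >= FIXED


def triage(inventory):
    """Split {device: version} into patched / vulnerable / unknown lists."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for device, version in sorted(inventory.items()):
        try:
            bucket = "patched" if is_patched(version) else "vulnerable"
        except ValueError:
            # Unreadable versions are surfaced for manual review, not assumed safe.
            bucket = "unknown"
        result[bucket].append(device)
    return result


# Constructed sample inventory (hypothetical device names and versions).
SAMPLE = {
    "rax200-lobby": "1.0.5.132",
    "rax200-lab": "V1.0.5.99",        # sorts above 1.0.5.132 as a string, but is older
    "rax200-warehouse": "1.0.6.2",
    "rax200-annex": "1.0.2.88_build",
    "rax200-spare": "",               # version never recorded
}

if __name__ == "__main__":
    for bucket, devices in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(devices) or '-'}")
```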
📡 Detection & Monitoring
Log Indicators:
- Unusual authentication attempts to router
- Unexpected configuration changes
- Unknown processes running on router
Network Indicators:
- Unusual outbound connections from router
- DNS queries to suspicious domains
- Port scans originating from router
SIEM Query:
source="router" AND (event_type="config_change" OR event_type="auth_failure")