Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-38527

CVSS 8.1 · High EPSS 3.10% · P87
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-38527

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.14, EX6100v2 before 1.0.1.98, EX6150v2 before 1.0.1.98, EX6250 before 1.0.0.132, EX6400 before 1.0.2.158, EX6400v2 before 1.0.0.132, EX6410 before 1.0.0.132, EX6420 before 1.0.0.132, EX7300 before 1.0.2.158, EX7300v2 before 1.0.0.132, EX7320 before 1.0.0.132, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, R7800 before 1.0.2.78, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.6.2.4, RBS50Y before 2.6.1.40, RBW30 before 2.6.2.2, and XR500 before 2.3.2.114.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款 NETGEAR 设备命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Netgear NETGEAR EX7000等都是美国网件(Netgear)公司的产品。NETGEAR EX7000是一款无线网络信号扩展器。NETGEAR EX6200是一款无线网络信号扩展器。NETGEAR EX6150是一款无线网络信号扩展器。 多款 NETGEAR 设备存在命令注入漏洞,该漏洞源于产品未过滤用户输入数据中的特殊字符,攻击者可通过该漏洞执行系统命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2021-38527

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-38527

登录查看更多情报信息。

Same Patch Batch · n/a · 2021-08-11 · 91 CVEs total

CVE-2021-3851610.0 CRITICAL多款Netgear产品安全漏洞
CVE-2021-385309.6 CRITICALNetgear NETGEAR 命令注入漏洞
CVE-2021-385289.6 CRITICALNetgear NETGEAR 命令注入漏洞
CVE-2021-385139.6 CRITICALNetgear RBR750 授权问题漏洞
CVE-2021-385188.4 HIGHNetgear NETGEAR 命令注入漏洞
CVE-2021-385298.3 HIGHNetgear NETGEAR 命令注入漏洞
CVE-2021-234207.7 HIGHDeserialization of Untrusted Data
CVE-2021-385157.4 HIGHNetgear NETGEAR 安全漏洞
CVE-2021-385236.9 MEDIUMNETGEAR R6400 缓冲区错误漏洞
CVE-2021-385176.9 MEDIUMNetgear NETGEAR 缓冲区错误漏洞
CVE-2021-385256.8 MEDIUMNetgear NETGEAR 缓冲区错误漏洞
CVE-2021-385226.8 MEDIUMNETGEAR R6400 缓冲区错误漏洞
CVE-2021-385206.6 MEDIUMNetgear NETGEAR 命令注入漏洞
CVE-2021-385196.3 MEDIUMNetgear NETGEAR 命令注入漏洞
CVE-2021-385216.1 MEDIUMNetgear NETGEAR 命令注入漏洞
CVE-2021-234215.6 MEDIUMPrototype Pollution
CVE-2021-385314.7 MEDIUMNetgear NETGEAR 安全漏洞
CVE-2021-385244.5 MEDIUMNetgear多款产品缓冲区错误漏洞
CVE-2021-385264.3 MEDIUMNetgear NETGEAR 缓冲区错误漏洞
CVE-2020-25565Tecknodreams SapphireIMS 信任管理问题漏洞

Showing top 20 of 91 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2021-38527

No comments yet

Leave a comment