Recently, a member of the Securityium team discovered a vulnerability in certain NETGEAR devices. NETGEAR is a company that designs and manufactures networking products for consumers, businesses, and service providers.
The vulnerability, identified as CVE-2021-29069, is a command injection vulnerability that allows an authenticated user to execute arbitrary commands. It affects the XR450 before 220.127.116.11, XR500 before 18.104.22.168, and WNR2000v5 before 22.214.171.124. According to the National Vulnerability Database (NVD), it has a CVSS 3.1 score of 8.4, which is considered high severity. The NVD entry also provides a detailed description of the vulnerability, its impact, and potential solutions: https://nvd.nist.gov/vuln/detail/CVE-2021-29069.
NETGEAR values the contributions of the security research community and encourages researchers to report any potential vulnerabilities they may discover. The company is committed to ensuring the security of its products and works closely with researchers to identify and address any potential vulnerabilities. NETGEAR has also released a security advisory on its website: https://kb.netgear.com/000063023/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2020-0595.