CVE-2021-38519
6.3 MEDIUMCertain NETGEAR devices are affected by command injection by an authenticated user
Published: 2021-08-11 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 6.3 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
- CWE
- CWE-77
Affected products
| Vendor | Product |
|---|---|
| netgear | r6250_firmware, r6300_firmware, r6400_firmware |
Description
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6250 before 1.0.4.36, R6300v2 before 1.0.4.36, R6400 before 1.0.1.50, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R6700 before 1.0.2.8, R6900 before 1.0.2.8, R7000 before 1.0.9.88, R6900P before 1.3.2.132, R7100LG before 1.0.0.52, R7900 before 1.0.3.10, R8000 before 1.0.4.46, R7900P before 1.4.1.50, R8000P before 1.4.1.50, and RAX80 before 1.0.1.40.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-38519
- [Vendor advisory]https://kb.netgear.com/000063762/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2018-0564
- [Vendor advisory]https://kb.netgear.com/000063762/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2018-0564
Related CVEs
Same vendor
- CVE-2021-40847 — The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execu... (8.1 HIGH)
- CVE-2021-41383 — setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_serve... (7.2 HIGH)
- CVE-2021-41314 — Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field, which - due to several faulty aspects of th... (8.8 HIGH)
- CVE-2021-40867 — Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker wh... (7.8 HIGH)
- CVE-2021-40866 — Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default... (9.8 CRITICAL)
Same CWE
- CVE-2024-24909 — Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin (8.8 HIGH)
- CVE-2025-56814 — A code injection vulnerability in the wxExecute() function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding sh... (7.8 HIGH)
- CVE-2026-12223 — A vulnerability was identified in Yealink SIP-T46U 108.86.0.118 (5.5 MEDIUM)
- CVE-2026-12219 — A flaw has been found in Yealink SIP-T46U 108.86.0.118 (6.3 MEDIUM)
- CVE-2026-12197 — A security flaw has been discovered in Ruijie EG105G-P 2.340 (7.2 HIGH)