Vulnerability Name:

CVE-2021-0176 (CCN-219052)

Assigned:2020-10-22
Published:2022-02-08
Updated:2022-02-15
Summary:Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable denial of service via local access.
CVSS v3 Severity:4.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
3.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): 
Attack Complexity (AC): 
Privileges Required (PR): 
User Interaction (UI): 
Scope:Scope (S): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)
4.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): 
Attack Complexity (AC): 
Privileges Required (PR): 
User Interaction (UI): 
Scope:Scope (S): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.2 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:P/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Complete
Vulnerability Type:CWE-20
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2021-0176

Source: XF
Type: UNKNOWN
intel-cve20210176-dos(219052)

Source: CCN
Type: Lenovo Security Advisory: LEN-62745
Intel PROSet Wireless Wi-Fi, Intel AMT Wireless and Killer Wi-Fi Software Advisory

Source: CCN
Type: INTEL-SA-00539
Intel PROSet/Wireless Wi-Fi, Intel AMT Wireless and Killer Wi-Fi Software Advisory

Source: MISC
Type: Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html

Vulnerable Configuration:Configuration 1:
  • cpe:/o:intel:amt_ac_8260_firmware:*:*:*:*:*:*:*:* (Version < 11.8.90)
  • AND
  • cpe:/h:intel:amt_ac_8260:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:intel:amt_ac_8265_firmware:*:*:*:*:*:*:*:* (Version < 11.8.90)
  • AND
  • cpe:/h:intel:amt_ac_8265:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:intel:amt_ac_9260_firmware:*:*:*:*:*:*:*:* (Version < 12.0.85)
  • AND
  • cpe:/h:intel:amt_ac_9260:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:intel:amt_ac_9560_firmware:*:*:*:*:*:*:*:* (Version < 12.0.85)
  • AND
  • cpe:/h:intel:amt_ac_9560:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:intel:amt_wi-fi_6_ax200_firmware:*:*:*:*:*:*:*:* (Version < 12.0.85)
  • OR cpe:/o:intel:amt_wi-fi_6_ax200_firmware:*:*:*:*:*:*:*:* (Version >= 14.0.0 and < 14.1.60)
  • OR cpe:/o:intel:amt_wi-fi_6_ax200_firmware:*:*:*:*:*:*:*:* (Version >= 15.0.0 and < 15.0.35)
  • AND
  • cpe:/h:intel:amt_wi-fi_6_ax200:-:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/o:intel:amt_wi-fi_6_ax201_firmware:*:*:*:*:*:*:*:* (Version >= 14.0.0 and < 14.1.60)
  • OR cpe:/o:intel:amt_wi-fi_6_ax201_firmware:*:*:*:*:*:*:*:* (Version >= 15.0.0 and < 15.0.35)
  • AND
  • cpe:/h:intel:amt_wi-fi_6_ax201:-:*:*:*:*:*:*:*

    • Configuration 7:
  • cpe:/o:intel:amt_wi-fi_6_ax210_firmware:*:*:*:*:*:*:*:* (Version < 15.0.35)
  • AND
  • cpe:/h:intel:amt_wi-fi_6_ax210:-:*:*:*:*:*:*:*

    • Configuration 8:
  • cpe:/o:intel:proset_ac_3165_firmware:*:*:*:*:*:*:*:* (Version < 22.60)
  • AND
  • cpe:/h:intel:proset_ac_3165:-:*:*:*:*:*:*:*

    • Configuration 9:
  • cpe:/o:intel:proset_ac_3168_firmware:*:*:*:*:*:*:*:* (Version < 22.60)
  • AND
  • cpe:/h:intel:proset_ac_3168:-:*:*:*:*:*:*:*

    • Configuration 10:
  • cpe:/o:intel:proset_ac_8260_firmware:*:*:*:*:*:*:*:* (Version < 22.60)
  • AND
  • cpe:/h:intel:proset_ac_8260:-:*:*:*:*:*:*:*

    • Configuration 11:
  • cpe:/o:intel:proset_ac_8265_firmware:*:*:*:*:*:*:*:* (Version < 22.60)
  • AND
  • cpe:/h:intel:proset_ac_8265:-:*:*:*:*:*:*:*

    • Configuration 12:
  • cpe:/o:intel:proset_ac_9260_firmware:*:*:*:*:*:*:*:* (Version < 22.60)
  • AND
  • cpe:/h:intel:proset_ac_9260:-:*:*:*:*:*:*:*

    • Configuration 13:
  • cpe:/o:intel:proset_ac_9461_firmware:*:*:*:*:*:*:*:* (Version < 22.60)
  • AND
  • cpe:/h:intel:proset_ac_9461:-:*:*:*:*:*:*:*

    • Configuration 14:
  • cpe:/o:intel:proset_ac_9462_firmware:*:*:*:*:*:*:*:* (Version < 22.60)
  • AND
  • cpe:/h:intel:proset_ac_9462:-:*:*:*:*:*:*:*

    • Configuration 15:
  • cpe:/o:intel:proset_ac_9560_firmware:*:*:*:*:*:*:*:* (Version < 22.60)
  • AND
  • cpe:/h:intel:proset_ac_9560:-:*:*:*:*:*:*:*

    • Configuration 16:
  • cpe:/o:intel:proset_wi-fi_6_ax200_firmware:*:*:*:*:*:*:*:* (Version < 22.60)
  • AND
  • cpe:/h:intel:proset_wi-fi_6_ax200:-:*:*:*:*:*:*:*

    • Configuration 17:
  • cpe:/o:intel:proset_wi-fi_6_ax201_firmware:*:*:*:*:*:*:*:* (Version < 22.60)
  • AND
  • cpe:/h:intel:proset_wi-fi_6_ax201:-:*:*:*:*:*:*:*

    • Configuration 18:
  • cpe:/o:intel:proset_wi-fi_6e_ax210_firmware:*:*:*:*:*:*:*:* (Version < 22.60)
  • AND
  • cpe:/h:intel:proset_wi-fi_6e_ax210:-:*:*:*:*:*:*:*

    • Configuration 19:
  • cpe:/o:intel:proset_wireless_7265_(rev_d)_firmware:*:*:*:*:*:*:*:* (Version < 22.60)
  • AND
  • cpe:/h:intel:proset_wireless_7265_(rev_d):-:*:*:*:*:*:*:*

    • Configuration 20:
  • cpe:/o:intel:killer_ac_1550_firmware:*:*:*:*:*:*:*:* (Version < 3.0)
  • AND
  • cpe:/h:intel:killer_ac_1550:-:*:*:*:*:*:*:*

    • Configuration 21:
  • cpe:/o:intel:killer_wi-fi_6_ax1650_firmware:*:*:*:*:*:*:*:* (Version < 3.0)
  • AND
  • cpe:/h:intel:killer_wi-fi_6_ax1650:-:*:*:*:*:*:*:*

    • Configuration 22:
  • cpe:/o:intel:killer_wi-fi_6e_ax1675_firmware:*:*:*:*:*:*:*:* (Version < 3.0)
  • AND
  • cpe:/h:intel:killer_wi-fi_6e_ax1675:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/h:intel:wi-fi_6_ax201:-:*:*:*:*:*:*:*
  • OR cpe:/h:intel:wi-fi_6_ax200:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2021-0176 (CCN-250285)

    Assigned:2020-10-22
    Published:2023-03-15
    Updated:2023-03-15
    Summary:NETGEAR devices could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
    CVSS v3 Severity:4.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
    3.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
    Exploitability Metrics:Attack Vector (AV): 
    Attack Complexity (AC): 
    Privileges Required (PR): 
    User Interaction (UI): 
    Scope:Scope (S): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    6.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    5.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
    Exploitability Metrics:Attack Vector (AV): 
    Attack Complexity (AC): 
    Privileges Required (PR): 
    User Interaction (UI): 
    Scope:Scope (S): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    5.8 Medium (CCN CVSS v2 Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Adjacent_Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2021-0176

    Source: XF
    Type: UNKNOWN
    netgear-cve20210176-cmd-exec(250285)

    Source: CCN
    Type: NETGEAR Security Advisory: PSV-2021-0076
    Security Advisory for Pre-Authentication Command Injection on Some Router and Extenders

    Source: CCN
    Type: Netgear Web site
    Netgear

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/h:netgear:r6400:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:r7000:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:r7000p:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:ex6130:-:*:*:*:*:*:*:*
  • OR cpe:/o:netgear:r6400v2_firmware:1.0.2.31:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbr750:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbs750:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbr850:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbs850:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:mk62:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:ms60:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbk752:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbk852:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rax15:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rax20:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rax200:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rax45:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rax75:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rax80:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbw30:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:eax20:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:eax80:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:mr60:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:ex3800:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:ex3700:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:ex6120:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:r8000p:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:ms60:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rax38:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rax43:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rax40:v2:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:mr80:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:ms80:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:mk83:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:101578
    P
    		Security update for kernel-firmware (Important)
    2022-03-31
    oval:org.opensuse.security:def:847
    P
    		Security update for kernel-firmware (Important)
    2022-03-31
    oval:org.opensuse.security:def:42259
    P
    		Security update for kernel-firmware (Important)
    2022-03-31
    oval:org.opensuse.security:def:119324
    P
    		Security update for kernel-firmware (Important)
    2022-03-04
    oval:org.opensuse.security:def:118829
    P
    		Security update for kernel-firmware (Important)
    2022-03-04
    oval:org.opensuse.security:def:119507
    P
    		Security update for kernel-firmware (Important)
    2022-03-04
    oval:org.opensuse.security:def:119019
    P
    		Security update for kernel-firmware (Important)
    2022-03-04
    oval:org.opensuse.security:def:119692
    P
    		Security update for kernel-firmware (Important)
    2022-03-04
    oval:org.opensuse.security:def:42207
    P
    		Security update for kernel-firmware (Important)
    2022-03-04
    oval:org.opensuse.security:def:119130
    P
    		Security update for kernel-firmware (Important)
    2022-03-04
    BACK
    intel amt ac 8260 firmware *
    intel amt ac 8260 -
    intel amt ac 8265 firmware *
    intel amt ac 8265 -
    intel amt ac 9260 firmware *
    intel amt ac 9260 -
    intel amt ac 9560 firmware *
    intel amt ac 9560 -
    intel amt wi-fi 6 ax200 firmware *
    intel amt wi-fi 6 ax200 firmware *
    intel amt wi-fi 6 ax200 firmware *
    intel amt wi-fi 6 ax200 -
    intel amt wi-fi 6 ax201 firmware *
    intel amt wi-fi 6 ax201 firmware *
    intel amt wi-fi 6 ax201 -
    intel amt wi-fi 6 ax210 firmware *
    intel amt wi-fi 6 ax210 -
    intel proset ac 3165 firmware *
    intel proset ac 3165 -
    intel proset ac 3168 firmware *
    intel proset ac 3168 -
    intel proset ac 8260 firmware *
    intel proset ac 8260 -
    intel proset ac 8265 firmware *
    intel proset ac 8265 -
    intel proset ac 9260 firmware *
    intel proset ac 9260 -
    intel proset ac 9461 firmware *
    intel proset ac 9461 -
    intel proset ac 9462 firmware *
    intel proset ac 9462 -
    intel proset ac 9560 firmware *
    intel proset ac 9560 -
    intel proset wi-fi 6 ax200 firmware *
    intel proset wi-fi 6 ax200 -
    intel proset wi-fi 6 ax201 firmware *
    intel proset wi-fi 6 ax201 -
    intel proset wi-fi 6e ax210 firmware *
    intel proset wi-fi 6e ax210 -
    intel proset wireless 7265 (rev d) firmware *
    intel proset wireless 7265 (rev d) -
    intel killer ac 1550 firmware *
    intel killer ac 1550 -
    intel killer wi-fi 6 ax1650 firmware *
    intel killer wi-fi 6 ax1650 -
    intel killer wi-fi 6e ax1675 firmware *
    intel killer wi-fi 6e ax1675 -
    intel wi-fi 6 ax201 -
    intel wi-fi 6 ax200 -
    netgear r6400 -
    netgear r7000 -
    netgear r7000p -
    netgear ex6130 -
    netgear r6400v2 firmware 1.0.2.31
    netgear rbr750 -
    netgear rbs750 -
    netgear rbr850 -
    netgear rbs850 -
    netgear mk62 -
    netgear ms60 -
    netgear rbk752 -
    netgear rbk852 -
    netgear rax15 -
    netgear rax20 -
    netgear rax200 -
    netgear rax45 -
    netgear rax75 -
    netgear rax80 -
    netgear rbw30 -
    netgear eax20 -
    netgear eax80 -
    netgear mr60 -
    netgear ex3800 -
    netgear ex3700 -
    netgear ex6120 -
    netgear r8000p -
    netgear ms60 -
    netgear rax38 -
    netgear rax43 -
    netgear rax40 v2
    netgear mr80 -
    netgear ms80 -
    netgear mk83 -