CVE-2021-20167

CWE-77 — Command Injection6 documents6 sources

Severity

8.0HIGH

EPSS

79.4%

top 0.92%

CISA KEV

Not in KEV

Exploit

Exploited in wild

Active exploitation observed

Affected products

Netgear Rax43 Firmware

Timeline

PublishedDec 30

Latest updateAug 19

Description

Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5netgear_rax431.0.3.96

▶NVDnetgear/rax43_firmware1.0.3.96

🔴Vulnerability Details

GHSA

GHSA-8r96-wwm9-5vjv: Netgear RAX43 version 1↗2021-12-31

▶

CVEList

CVE-2021-20167: Netgear RAX43 version 1↗2021-12-30

▶

VulnCheck

NETGEAR rax43 Improper Neutralization of Special Elements used in a Command ('Command Injection')↗2021

▶

💥Exploits & PoCs

Nuclei

Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass Buffer Overrun

▶

🕵️Threat Intelligence

Unit42

Network Security Trends: Recent Exploits Observed in the Wild Include Remote Code Execution, Cross-Site Scripting and More↗2022-08-19

▶