CVE-2021-20173

CWE-78OS Command InjectionCWE-77Command Injection3 documents3 sources
Severity
8.8HIGH
EPSS
11.5%
top 6.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netgear R6700 Firmware
Timeline
PublishedDec 30
Latest updateDec 31

Description

Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device. By triggering a system update check via the SOAP interface, the device is susceptible to command injection via preconfigured values.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5netgear_nighthawk_r67001.0.4.120
NVDnetgear/r6700_firmware1.0.4.120

🔴Vulnerability Details

2
GHSA
GHSA-x3v5-8924-rm83: Netgear Nighthawk R6700 version 12021-12-31
CVEList
CVE-2021-20173: Netgear Nighthawk R6700 version 12021-12-30
CVE-2021-20173 (HIGH CVSS 8.8) | Netgear Nighthawk R6700 version 1.0 | cvebase.io