Arbitrary Command Execution Vulnerability in NETGEAR R6020
CVE-2021-41383

7.2HIGH

Key Information:

Vendor: Netgear
Status: R6020 Firmware
Vendor: CVE Published:; 17 September 2021

What is CVE-2021-41383?

The setup.cgi script on NETGEAR R6020 devices version 1.0.0.48 is vulnerable to arbitrary command execution. An authenticated administrator can exploit this vulnerability by injecting shell metacharacters into the ntp_server input field, allowing them to execute unrestricted shell commands on the underlying system. This can lead to potential unauthorized access or control over the device, posing significant security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://j-o-e-l-s.github.io/2021/09/15/Hacking-The-Netgea...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 17, 2021
Vulnerability Reserved
Sep 17, 2021

JSON

Netgear

What is CVE-2021-41383?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.