Arbitrary Command Execution Vulnerability in NETGEAR R6020
CVE-2021-41383

7.2HIGH

Key Information:

Vendor: Netgear
Status: R6020 Firmware
Vendor: CVE Published:; 17 September 2021

Summary

The setup.cgi script on NETGEAR R6020 devices version 1.0.0.48 is vulnerable to arbitrary command execution. An authenticated administrator can exploit this vulnerability by injecting shell metacharacters into the ntp_server input field, allowing them to execute unrestricted shell commands on the underlying system. This can lead to potential unauthorized access or control over the device, posing significant security risks.

References

https://j-o-e-l-s.github.io/2021/09/15/Hacking-The-Netgea...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 17, 2021
Vulnerability Reserved
Sep 17, 2021