NetGear · Netgear R6020 · CVE-2021-41383
**Name of the Vulnerable Software and Affected Versions**
NETGEAR R6020 version 1.0.0.48
**Description**
The `ntp server` field is not validated, so an attacker can execute arbitrary shell commands by placing shell metacharacters in it. The field is reached through the `setup.cgi` endpoint on the NETGEAR R6020 device. An admin can execute arbitrary shell commands, potentially leading to remote code execution.
**Recommendations**
For NETGEAR R6020 version 1.0.0.48, consider disabling the `setup.cgi` endpoint or restricting access to it until a patch is available. Avoid using shell metacharacters in the `ntp server` field to minimize the risk of exploitation.
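
The input validation that the description reports as missing could take the form of the allowlist check below. It is an added example, not NETGEAR firmware code; the function name `ntp_server_is_valid` and the sample strings are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not firmware code. Returns 1 only for a host name or
 * dotted IPv4 literal: dot-separated labels of 1-63 characters from
 * [A-Za-z0-9-], no label starting or ending with '-', 1-253 bytes overall.
 * Shell metacharacters, whitespace and control bytes all fail the allowlist;
 * the leading '-' rule also keeps the value from looking like an option. */
int ntp_server_is_valid(const char *s)
{
    size_t total, label_len = 0;
    char prev = '.';                 /* start of string acts as a boundary */

    if (s == NULL)
        return 0;
    total = strlen(s);
    if (total == 0 || total > 253)
        return 0;
    for (size_t i = 0; i < total; i++) {
        char c = s[i];
        int alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                    (c >= '0' && c <= '9');

        if (c == '.') {
            if (label_len == 0 || prev == '-')
                return 0;            /* empty label or label ending in '-' */
            label_len = 0;
        } else if (alnum || c == '-') {
            if ((c == '-' && label_len == 0) || ++label_len > 63)
                return 0;            /* label starts with '-' or is too long */
        } else {
            return 0;                /* anything outside the allowlist */
        }
        prev = c;
    }
    return label_len > 0 && prev != '-';   /* no trailing '.' or '-' */
}

int main(void)
{
    /* Constructed sample values, not taken from the advisory. */
    const char *samples[] = { "pool.ntp.org", "192.168.1.1",
                              "time.example.com;id", "$(id)", "-x.example" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s %s\n", samples[i],
               ntp_server_is_valid(samples[i]) ? "accept" : "reject");
    return 0;
}
```

A check like this belongs on the device side, before the value reaches any command line; rejecting the value in the browser form alone does not cover requests sent directly to the endpoint.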