PT-2021-13825 · NetGear · Netgear Nighthawk R6700

Jimi Sebree

Published

2021-12-30

Updated

2022-07-12

CVE-2021-20173

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Netgear Nighthawk R6700 version 1.0.4.120

Description: The issue concerns a command injection vulnerability in the update functionality of the device. This vulnerability can be triggered by initiating a system update check via the SOAP interface, allowing command injection through preconfigured values.

Recommendations: For Netgear Nighthawk R6700 version 1.0.4.120, consider disabling the update functionality via the SOAP interface until a patch is available. Restrict access to preconfigured values to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2021-20173

Affected Products

Netgear Nighthawk R6700

PT-2021-13825 · NetGear · Netgear Nighthawk R6700

CVE-2021-20173

Weakness Enumeration

Related Identifiers

Affected Products

References · 3