CVE-2021-20173: OS Command Injection
First published: Thu Dec 30 2021(Updated: )
Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device. By triggering a system update check via the SOAP interface, the device is susceptible to command injection via preconfigured values.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgear R6700 Firmware | =1.0.4.120 | |
| NETGEAR R6700 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-20173?
CVE-2021-20173 is a command injection vulnerability in the update functionality of Netgear Nighthawk R6700 version 1.0.4.120.
How does CVE-2021-20173 work?
CVE-2021-20173 can be exploited by triggering a system update check via the SOAP interface, allowing an attacker to inject commands through preconfigured values.
What is the severity of CVE-2021-20173?
The severity rating of CVE-2021-20173 is high, with a CVSS score of 8.8.
Which software versions are affected by CVE-2021-20173?
Netgear Nighthawk R6700 version 1.0.4.120 is affected by CVE-2021-20173.
How can I mitigate CVE-2021-20173?
To mitigate CVE-2021-20173, update the firmware of the Netgear Nighthawk R6700 device to a version that does not contain the vulnerability.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- vendor/netgear
- canonical/netgear r6700 firmware
- version/netgear r6700 firmware/1.0.4.120
- canonical/netgear r6700