Rax43 Firmware
CVE-2021-20167
HIGH
Severity by source
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter.
AnalysisAI
Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter. Affected products include: Netgear Rax43 Firmware. Version information: version 1.0.3.96.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.
More in Rax43 Firmware
View allCertain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS
Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. Rated high severity (CVSS 8.8), this vulnerability is
Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. Rated high severity (CVSS 8.8), this vulnerabili
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R640
Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. Rated medium severity (CVSS
Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. Rated medium severity (CVSS 6
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today