CVE-2021-20167
HIGH EXPLOITED IN THE WILD NUCLEINetgear RAX43 1.0.3.96 - OS Command Injection via readycloud CGI Name Parameter
Title source: llmExploitation Summary
CVE-2021-20167 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). A Nuclei detection template is also available.
Description
Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter.
Nuclei Templates (1)
Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass Buffer Overrun
HIGHby gy741
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2021-55
Scores
CVSS v3
8.0
EPSS
0.0846
EPSS Percentile
94.3%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2022-08-19
InTheWild.io
2022-08-19
CWE
CWE-77
Status
published
Products (1)
netgear/rax43_firmware
1.0.3.96
Published
Dec 30, 2021
Tracked Since
Feb 18, 2026