CVE-2021-20172
HIGHNetgear Genie Installer - Local Privilege Escalation via Insecure File Handling
Title source: llmDescription
All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. The installer of the macOS version of Netgear Genie handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which the software is going to be installed may overwrite certain files to obtain privilege escalation to root.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2021-56
Scores
CVSS v3
7.8
EPSS
0.0029
EPSS Percentile
20.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (1)
netgear/genie_installer
Published
Dec 30, 2021
Tracked Since
Feb 18, 2026