CVE-2021-29071

CRITICAL Year: 2021
CVSS v3 Score: 9.0 (Critical)
CVSS v2 Score: 5.2 (Medium)

Vulnerability Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBR752 before 3.2.17.12, RBR753 before 3.2.17.12, RBR753S before 3.2.17.12, RBR754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

CVSS:9.0(Critical)

An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into th...

CWE-77 Year: 2018
CVSS:9.0(Critical)

With only one user interaction (download a malicious config), attackers can gain full command execution on the victim system.

CWE-77 Year: 2023
CVSS:9.0(Critical)

A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstall_binding functionality in lollms_core/lollms/server/endpoints/lollms_binding_inf...

CWE-77 Year: 2024
CVSS:9.0(Critical)

DIR-845L router <= v1.01KRb03 has an unauthenticated remote code execution vulnerability in the cgibin binary via the soapcgi_main function.

CWE-77 Year: 2024
CVSS:9.0(Critical)

Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point manage...

CWE-77 Year: 2024
CVSS:9.1(Critical)

Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitr...

CWE-77 Year: 2016