CVEs-PoC/2021/CVE-2021-20173.md

### [CVE-2021-20173](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20173)
![](https://img.shields.io/static/v1?label=Product&message=Netgear%20Nighthawk%20R6700&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1.0.4.120%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Command%20Injection&color=brightgreen)

### Description

Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device. By triggering a system update check via the SOAP interface, the device is susceptible to command injection via preconfigured values.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon