CVE-2021-20122
Last modified
CVE-2021-20122 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass authentication vulnerability like CVE-2021-20090 could leverage this issue to run commands or gain a shell as root on the target device.. EPSS estimates a 6.53% chance of exploitation in the next 30 days.
Description
The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass authentication vulnerability like CVE-2021-20090 could leverage this issue to run commands or gain a shell as root on the target device.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Telus | Prv65b444a-S-Ts Firmware | 3.00.20 |
References
- https://www.tenable.com/security/research/tra-2021-41Exploit, Third Party Advisory
- https://www.tenable.com/security/research/tra-2021-41Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-20122?
How severe is CVE-2021-20122?
How do I fix CVE-2021-20122?
Are you affected by CVE-2021-20122?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST