Vulnerability Description
Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| LG | N1T1 Firmware | - |
| LG | N1T1 | - |
| LG | N1T1DD1 | - |
Related Weaknesses (CWE)
References
- https://www.lg.com/uk/support/product/lg-N1T1DD1 (Product, Vendor Advisory)
- https://www.lg.com/us/burners-drives/lg-N1T1-network-attached-storage (Product, Vendor Advisory)
- https://zerosecuritypenetrationtesting.com/?page_id=306 (Exploit, Third Party Advisory, URL Repurposed)
FAQ
What is CVE-2021-38306?
CVE-2021-38306 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parame...
How severe is CVE-2021-38306?
CVE-2021-38306 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-38306?
Check the references section above for vendor advisories and patch information. Affected products include: LG N1T1 Firmware, LG N1T1, LG N1T1DD1.