Impact
The vulnerability arises when NetComm NF20MESH routers process the username field of a JSON payload in the dalStorage_addUserAccount endpoint. The username string is concatenated raw into a shell command that is executed by rut_doSystemAction, creating an OS command injection flaw. Attackers who possess administrative credentials can inject shell metacharacters into this field and cause the router to execute arbitrary commands as root, fully compromising the host operating system.
Affected Systems
The flaw affects NetComm Wireless Pty Ltd’s NF20MESH routers running firmware R6B031 and all earlier releases. Firmware R6B032 or later has not been confirmed as vulnerable according to the advisory; the lack of confirmation for R6B032 is inferred from missing data in the source documentation.
Risk and Exploitability
The CVSS score of 8.7 indicates a high severity vulnerability that is difficult to exploit under normal conditions. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, suggesting no widespread exploitation has been reported. Because the flaw requires valid administrative credentials to access the management interface, an attacker must first authenticate. Once authenticated and the exploit is delivered, the attacker achieves full root‑level control of the device, enabling arbitrary command execution.
OpenCVE Enrichment