CVE-2021-38306

critical

Description

Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter.

References

https://zerosecuritypenetrationtesting.com/?page_id=306

https://www.lg.com/us/burners-drives/lg-N1T1-network-attached-storage

https://www.lg.com/uk/support/product/lg-N1T1DD1

Details

Source: Mitre, NVD

Published: 2021-08-24

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H