Lucene search

[email protected]CVE-2021-42071

HistoryOct 07, 2021 - 5:15 p.m.

CVE-2021-42071

2021-10-0717:15:00

CWE-78

[email protected]

web.nvd.nist.gov

In Wild

cve-2021-42071

visual tools

dvr vx16

remote command execution

http header

security vulnerability

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.957 High

EPSS

Percentile

99.4%

JSON

In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header.

CPENameOperatorVersion
visual-tools:dvr_vx16_firmwarevisual-tools dvr vx16 firmwareeq4.2.28.0

CPE	Name	Operator	Version
visual-tools:dvr_vx16_firmware	visual-tools dvr vx16 firmware	eq	4.2.28.0

References

visual-tools.com/

www.exploit-db.com/exploits/50098

www.swascan.com/security-advisory-visual-tools-dvr-cve-2021-42071/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.957 High

EPSS

Percentile

99.4%

JSON

Related for CVE-2021-42071

nuclei1 attackerkb1 prion1 exploitdb1 threatpost1