Lucene search

[email protected]CVE-2021-42912

HistoryDec 16, 2021 - 5:15 p.m.

CVE-2021-42912

2021-12-1617:15:00

CWE-78

[email protected]

web.nvd.nist.gov

cve-2021-42912

fiberhome

onu

gpon

an5506-04-f

rp2617

os command injection

vulnerability

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.2%

JSON

FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon.

CPENameOperatorVersion
fiberhome:an5506-01-a_firmwarefiberhome an5506-01-a firmwareeqrp0509
fiberhome:an5506-01-b_firmwarefiberhome an5506-01-b firmwareeqrp2610
fiberhome:an5506-02-b_firmwarefiberhome an5506-02-b firmwareeqrp2520
fiberhome:an5506-02-b_firmwarefiberhome an5506-02-b firmwareeqrp2521
fiberhome:an5506-02-b_firmwarefiberhome an5506-02-b firmwareeqrp2603
fiberhome:an5506-04-b_firmwarefiberhome an5506-04-b firmwareeqrp2510
fiberhome:an5506-04-f_firmwarefiberhome an5506-04-f firmwareeqrp2617
fiberhome:aan5506-04-g2g_firmwarefiberhome aan5506-04-g2g firmwareeqrp2560

CPE	Name	Operator	Version
fiberhome:an5506-01-a_firmware	fiberhome an5506-01-a firmware	eq	rp0509
fiberhome:an5506-01-b_firmware	fiberhome an5506-01-b firmware	eq	rp2610
fiberhome:an5506-02-b_firmware	fiberhome an5506-02-b firmware	eq	rp2520
fiberhome:an5506-02-b_firmware	fiberhome an5506-02-b firmware	eq	rp2521
fiberhome:an5506-02-b_firmware	fiberhome an5506-02-b firmware	eq	rp2603
fiberhome:an5506-04-b_firmware	fiberhome an5506-04-b firmware	eq	rp2510
fiberhome:an5506-04-f_firmware	fiberhome an5506-04-f firmware	eq	rp2617
fiberhome:aan5506-04-g2g_firmware	fiberhome aan5506-04-g2g firmware	eq	rp2560

References

fiberhome.com

onu.com

medium.com/%40windsormoreira/fiberhome-an5506-os-command-injection-cve-2021-42912-10b64fd10ce2

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.2%

JSON

Related for CVE-2021-42912

cnvd1 cvelist1 checkpoint_advisories1 prion1