CVE-2021-38611

2021-08-2411:05:42

mitre

www.cve.org

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.8%

JSON

A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php.

References

www.blacklanternsecurity.com/2021-08-23-Nascent-RemKon-CVEs/

www.nascent.com/single-post/2019/01/17/nascent-technology-releases-remkon-31-to-enhance-audio-experience