Lucene search
K

Auerswald COMpact 5500R 7.8A and 8.0B Devices Backdoor

🗓️ 07 Jul 2026 16:50:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 33 Views

Auerswald COMpact 5500R backdoor on 7.8A and 8.0B device

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
Auerswald COMpact 8.0B - Multiple Backdoors Vulnerability
6 Dec 202100:00
zdt
GithubExploit
Exploit for CVE-2021-40859
28 Dec 202106:05
githubexploit
GithubExploit
Exploit for CVE-2021-40859
29 Dec 202115:15
githubexploit
ATTACKERKB
CVE-2021-40859
7 Dec 202119:15
attackerkb
Circl
CVE-2021-40859
7 Dec 202122:22
circl
CNNVD
Auerswald Compact 系列安全漏洞
6 Dec 202100:00
cnnvd
CNVD
Auerswald Compact has an unspecified vulnerability
8 Dec 202100:00
cnvd
CVE
CVE-2021-40859
7 Dec 202118:59
cve
Cvelist
CVE-2021-40859
7 Dec 202118:59
cvelist
Exploit DB
Auerswald COMpact 8.0B - Multiple Backdoors
6 Dec 202100:00
exploitdb
Rows per page
id: CVE-2021-40859

info:
  name: Auerswald COMpact 5500R 7.8A and 8.0B Devices Backdoor
  author: pussycat0x
  severity: critical
  description: Auerswald COMpact 5500R 7.8A and 8.0B devices contain an unauthenticated endpoint ("https://192.168.1[.]2/about_state"), enabling the bad actor to gain backdoor access to a web interface that allows for resetting the administrator password.
  impact: |
    Unauthenticated attackers can gain unauthorized access to affected devices.
  remediation: |
    Apply the latest firmware update provided by Auerswald to fix the backdoor vulnerability.
  reference:
    - https://thehackernews.com/2021/12/secret-backdoors-found-in-german-made.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-40859
    - https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses
    - https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-007/-auerswald-compact-multiple-backdoors
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-40859
    epss-score: 0.71979
    epss-percentile: 0.99353
    cpe: cpe:2.3:o:auerswald:compact_5500r_firmware:7.8a:build002:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: auerswald
    product: compact_5500r_firmware
    fofa-query: '"auerswald"'
  tags: cve2021,cve,iot,unauth,voip,auerswald,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/about_state"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"pbx"'
          - '"dongleStatus":0'
          - '"macaddr"'
        condition: and

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 490a0046304402204c7d6a6347e16728fe376f4ae10906dab2aa5e2bf7e7e41c366ae908ce12e974022058aab6cfcc12e38c21de434db109ac1f26615c3ef66c6075c3e3a1069e8f3438:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.4High risk
Vulners AI Score7.4
CVSS 3.19.8
CVSS 210
EPSS0.71979
33