Lucene search

[email protected]NVD:CVE-2021-4242

HistoryNov 30, 2022 - 2:15 p.m.

CVE-2021-4242

2022-11-3014:15:10

CWE-707

CWE-78

[email protected]

web.nvd.nist.gov

sapido

br270n

brc76n

gr297

rb1732

critical

os command injection

remote attack

vdb-214592

file ip/syscmd.htm

cve-2021-4242

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

66.2%

JSON

A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical. Affected by this issue is some unknown functionality of the file ip/syscmd.htm. The manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214592.

Affected configurations

NVD

Node

sapidobr270n_firmwareMatch2.1.03

AND

sapidobr270nMatch-

Node

sapidobrc76n_firmwareMatch2.1.03

AND

sapidobrc76nMatch-

Node

sapidogr297n_firmwareMatch2.1.3

AND

sapidogr297nMatch-

Node

sapidorb-1732_firmwareMatch2.0.43

AND

sapidorb-1732Match-

References

blog.csdn.net/qq_44159028/article/details/114590267

github.com/smallpiggy/Sapido--rce/blob/main/Sapido%E8%B7%AF%E7%94%B1%E5%99%A8-rce.py

vuldb.com/?id.214592

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

66.2%

JSON

Related for NVD:CVE-2021-4242

cve1 prion1 cvelist1