Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:21 p.m.10 views

CVE-2021-41282

diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...

9CVSS7.7AI score0.87113EPSS
Exploits4
Check Point Advisories
Check Point Advisories
added 2022/05/12 12:0 a.m.16 views

pfSense Remote Code Execution (CVE-2021-41282)

A remote code execution vulnerability exists in pfSense. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9CVSS5.5AI score0.87113EPSS
Exploits4
Metasploit
Metasploit
added 2022/03/04 5:43 p.m.397 views

pfSense Diag Routes Web Shell Upload

This module exploits an arbitrary file creation vulnerability in the pfSense HTTP interface CVE-2021-41282. The vulnerability affects versions use exploit/unix/http/pfsensediagrouteswebshell msf exploitpfsensediagrouteswebshell show targets ...targets... msf exploitpfsensediagrouteswebshell set...

9CVSS8.7AI score0.87113EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/03/04 12:0 a.m.381 views

pfSense 2.5.2 Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'pfSense Diag Routes Web Shell Upload', 'Description' = %q This module exploits an arbitrary file creation vulnerability in the pfSense HTTP...

8.8AI score0.87113EPSS
Exploits4
0day.today
0day.today
added 2022/03/04 12:0 a.m.495 views

pfSense 2.5.2 Shell Upload Exploit

This Metasploit module exploits an arbitrary file creation vulnerability in the pfSense HTTP interface CVE-2021-41282. The vulnerability affects versions 2.5.2 and below and can be exploited by an authenticated user if they have the "WebCfg - Diagnostics: Routing tables" privilege. This module us...

9CVSS0.6AI score0.87113EPSS
Exploits4
Circl
Circl
added 2022/03/03 9:29 p.m.14 views

CVE-2021-41282

creationtimestamp| type| source ---|---|--- 2022-03-03 21:29:29+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/pfsensediagrouteswebshell.rb 2025-02-06 03:13:45+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:10:40+00:00| see...

9CVSS8.6AI score0.87113EPSS
Exploits4References1
OSV
OSV
added 2022/03/01 11:15 p.m.27 views

CVE-2021-41282

diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...

8.8CVSS7.6AI score
Exploits0References4
CVE
CVE
added 2022/03/01 10:45 p.m.164 views

CVE-2021-41282

CVE-2021-41282 affects pfSense 2.5.2 where diag_routes.php uses netstat output parsed by sed. Despite escapeshellarg, an attacker with authenticated access and the required WebCfg privilege can inject sed code, enabling arbitrary file write and potential web shell execution. Descriptions across c...

9CVSS9AI score0.87113EPSS
Exploits4References4Affected Software1
Cvelist
Cvelist
added 2022/03/01 10:45 p.m.57 views

CVE-2021-41282

diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...

9.3AI score0.87113EPSS
Exploits4References4
Rows per page
Query Builder