9 matches found
CVE-2021-41282
diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...
pfSense Remote Code Execution (CVE-2021-41282)
A remote code execution vulnerability exists in pfSense. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
pfSense Diag Routes Web Shell Upload
This module exploits an arbitrary file creation vulnerability in the pfSense HTTP interface CVE-2021-41282. The vulnerability affects versions use exploit/unix/http/pfsensediagrouteswebshell msf exploitpfsensediagrouteswebshell show targets ...targets... msf exploitpfsensediagrouteswebshell set...
pfSense 2.5.2 Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'pfSense Diag Routes Web Shell Upload', 'Description' = %q This module exploits an arbitrary file creation vulnerability in the pfSense HTTP...
pfSense 2.5.2 Shell Upload Exploit
This Metasploit module exploits an arbitrary file creation vulnerability in the pfSense HTTP interface CVE-2021-41282. The vulnerability affects versions 2.5.2 and below and can be exploited by an authenticated user if they have the "WebCfg - Diagnostics: Routing tables" privilege. This module us...
CVE-2021-41282
creationtimestamp| type| source ---|---|--- 2022-03-03 21:29:29+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/pfsensediagrouteswebshell.rb 2025-02-06 03:13:45+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:10:40+00:00| see...
CVE-2021-41282
diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...
CVE-2021-41282
CVE-2021-41282 affects pfSense 2.5.2 where diag_routes.php uses netstat output parsed by sed. Despite escapeshellarg, an attacker with authenticated access and the required WebCfg privilege can inject sed code, enabling arbitrary file write and potential web shell execution. Descriptions across c...
CVE-2021-41282
diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...