2 matches found
CVE-2021-41282
diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...
Routes behind a firewall are accessible even when not logged in
More info at https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released...