CVE-2021-21874

Опубликовано: 22 дек. 2021

Источник: nvd

CVSS3: 9.1

CVSS2: 9

EPSS Низкий

Описание

A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1314
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1314
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:lantronix:premierwave_2050_firmware:8.9.0.0:r4:*:*:*:*:*:*

cpe:2.3:h:lantronix:premierwave_2050:-:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01024

Низкий

9.1 Critical

CVSS3

9.1 Critical

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-g8hx-765h-vxcc

CVSS3: 9.1

github

около 4 лет назад

A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

EPSS

Процентиль: 77%

0.01024

Низкий

9.1 Critical

CVSS3

9.1 Critical

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78