CVE-2021-38703

Опубликовано: 01 сент. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execution. This can be exploited in conjunction with CVE-2021-20090.

Ссылки

https://7bits.nl/journal/posts/cve-2021-38703-kpn-experia-wifi-root-shell/
Exploit
Third Party Advisory
https://www.kpnwebshop.com/modems-routers/producten/experia-wifi/2
Vendor Advisory
https://7bits.nl/journal/posts/cve-2021-38703-kpn-experia-wifi-root-shell/
Exploit
Third Party Advisory
https://www.kpnwebshop.com/modems-routers/producten/experia-wifi/2
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:kpn:experia_wifi_firmware:1.00.15:*:*:*:*:*:*:*

cpe:2.3:h:kpn:experia_wifi:-:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06361

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-c387-pvvx-p3vq