CVE-2021-42071

Опубликовано: 07 окт. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Критический

Описание

In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header.

Ссылки

https://visual-tools.com/
Vendor Advisory
https://www.exploit-db.com/exploits/50098
Exploit
Third Party Advisory
VDB Entry
https://www.swascan.com/security-advisory-visual-tools-dvr-cve-2021-42071/
Exploit
Third Party Advisory
https://visual-tools.com/
Vendor Advisory
https://www.exploit-db.com/exploits/50098
Exploit
Third Party Advisory
VDB Entry
https://www.swascan.com/security-advisory-visual-tools-dvr-cve-2021-42071/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:visual-tools:dvr_vx16_firmware:4.2.28.0:*:*:*:*:*:*:*

cpe:2.3:h:visual-tools:dvr_vx16:-:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.91339

Критический

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-5pjx-33j8-9h49

github

больше 3 лет назад

In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py Uaer-Agent HTTP header.