Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-42912

Опубликовано: 16 дек. 2021
Источник: nvd
CVSS3: 8.8
CVSS2: 9
EPSS Низкий

Описание

FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:fiberhome:an5506-01-a_firmware:rp0509:*:*:*:*:*:*:*
cpe:2.3:h:fiberhome:an5506-01-a:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:fiberhome:an5506-01-b_firmware:rp2610:*:*:*:*:*:*:*
cpe:2.3:h:fiberhome:an5506-01-b:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

Одно из

cpe:2.3:o:fiberhome:an5506-02-b_firmware:rp2520:*:*:*:*:*:*:*
cpe:2.3:o:fiberhome:an5506-02-b_firmware:rp2521:*:*:*:*:*:*:*
cpe:2.3:o:fiberhome:an5506-02-b_firmware:rp2603:*:*:*:*:*:*:*
cpe:2.3:h:fiberhome:an5506-02-b:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:fiberhome:an5506-04-b_firmware:rp2510:*:*:*:*:*:*:*
cpe:2.3:h:fiberhome:an5506-04-b:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:o:fiberhome:an5506-04-f_firmware:rp2617:*:*:*:*:*:*:*
cpe:2.3:h:fiberhome:an5506-04-f:-:*:*:*:*:*:*:*
Конфигурация 6

Одновременно

cpe:2.3:o:fiberhome:aan5506-04-g2g_firmware:rp2560:*:*:*:*:*:*:*
cpe:2.3:h:fiberhome:an5506-04-g2g:-:*:*:*:*:*:*:*

EPSS

Процентиль: 27%
0.00097
Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

github логотип

GHSA-hcfv-5p8h-vvh5

github
около 4 лет назад

FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon.

EPSS

Процентиль: 27%
0.00097
Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78