Lucene search

VulDBCVELIST:CVE-2021-4242

HistoryNov 30, 2022 - 12:00 a.m.

CVE-2021-4242 Sapido BR270n/BRC76n/GR297/RB1732 syscmd.htm os command injection

2022-11-3000:00:00

CWE-707

VulDB

www.cve.org

sapido br270n

brc76n

gr297

rb1732

syscmd.htm

os command injection

remote attack

vdb-214592

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

9.2

Confidence

High

EPSS

0.006

Percentile

79.4%

JSON

A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical. Affected by this issue is some unknown functionality of the file ip/syscmd.htm. The manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214592.

CNA Affected

[
  {
    "vendor": "Sapido",
    "product": "BR270n",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Sapido",
    "product": "BRC76n",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Sapido",
    "product": "GR297",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Sapido",
    "product": "RB1732",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

blog.csdn.net/qq_44159028/article/details/114590267

github.com/smallpiggy/Sapido--rce/blob/main/Sapido%E8%B7%AF%E7%94%B1%E5%99%A8-rce.py

vuldb.com/?id.214592