CVE-2021-29003

Name of the Vulnerable Software and Affected Versions: Genexis PLATINUM 4410 version 2.1 P4410-V2-1.28

Description: The issue allows remote attackers to execute arbitrary code via shell metacharacters to "sys config valid.xgi", as demonstrated by the "sys config valid.xgi?exeshell=telnetd &" URI. This can be exploited by sending a specially crafted request to the vulnerable endpoint.

Recommendations: For Genexis PLATINUM 4410 version 2.1 P4410-V2-1.28, consider disabling access to the "sys config valid.xgi" endpoint until a patch is available. Avoid using the exeshell parameter in the affected API endpoint until the issue is resolved.