PT-2021-20303 · Siemens · Sinec Nms

Published

2021-10-12

·

Updated

2021-10-18

·

CVE-2021-33728

CVSS v2.0

9.0

High

Vector AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: SINEC NMS, all versions prior to V1.0 SP2 Update 1
Description: The affected system allows the upload of JSON objects that are deserialized into Java objects. Because this user-supplied content is deserialized insecurely, a privileged (authenticated) attacker can send a crafted serialized Java object and potentially execute arbitrary code on the device with root privileges.
Recommendations: Update to SINEC NMS V1.0 SP2 Update 1 or later. Until the update is applied, restrict the upload function to trusted administrator accounts and limit network access to the SINEC NMS management interface. Exploitation requires an authenticated, privileged account (CVSS Au:S), so controlling who holds such accounts is the most effective interim measure.
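The advisory does not say which JSON library SINEC NMS uses or how the upload is parsed, so the following is an added illustration of the bug class (CWE-502 reached through JSON-to-Java binding), not code from the product or from Siemens. It assumes Jackson and uses a constructed DTO (`UploadRequest`), a constructed harmless stand-in for a gadget class (`SideEffectBean`), a constructed payload, and a hypothetical allow-listed package name; none of these appear in the advisory. It shows the vulnerable configuration (default typing with no validator, the behaviour of the old `enableDefaultTyping()`), beside a hardened one that rejects attacker-chosen class names before anything is instantiated.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.json.JsonMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.impl.LaissezFaireSubTypeValidator;

/**
 * Added illustration of CWE-502 via JSON -> Java deserialization.
 * Assumes Jackson (2.10+); the advisory does not name the library SINEC NMS uses.
 */
public class DeserializationDemo {

    /** Constructed DTO standing in for an uploaded object (assumption, not the product's class). */
    public static final class UploadRequest {   // final: NON_FINAL default typing leaves the root alone
        public String name;
        public Object payload;   // Object-typed field: with default typing on, the client names the class
    }

    /** Constructed, harmless stand-in for a real gadget class; its setter proves attacker-chosen code ran. */
    public static class SideEffectBean {
        public static volatile boolean triggered = false;
        public void setCmd(String cmd) {
            triggered = true;
            System.out.println("SideEffectBean.setCmd() executed with: " + cmd);
        }
    }

    /** Constructed attacker input using Jackson's default-typing array form ["<class>", {props}]. */
    static final String MALICIOUS_JSON =
        "{\"name\":\"config\",\"payload\":[\"DeserializationDemo$SideEffectBean\",{\"cmd\":\"id\"}]}";

    /** Vulnerable: default typing with a permissive validator, i.e. the pre-2.10 enableDefaultTyping(). */
    static ObjectMapper vulnerableMapper() {
        ObjectMapper m = new ObjectMapper();
        m.activateDefaultTyping(LaissezFaireSubTypeValidator.instance,
                                ObjectMapper.DefaultTyping.NON_FINAL);
        return m;
    }

    /** Hardened: polymorphic types resolve only inside an allow-listed package (hypothetical name). */
    static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
            .allowIfSubType("com.example.nms.model.")
            .build();
        return JsonMapper.builder()
            .activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL)
            .build();
    }

    public static void main(String[] args) throws Exception {
        // Vulnerable path: the class named in the JSON is instantiated and its setter runs.
        UploadRequest r = vulnerableMapper().readValue(MALICIOUS_JSON, UploadRequest.class);
        System.out.println("vulnerable: payload is " + r.payload.getClass().getName()
            + ", side effect triggered = " + SideEffectBean.triggered);

        // Hardened path: the same input is rejected during type-id resolution, before any instance exists.
        try {
            hardenedMapper().readValue(MALICIOUS_JSON, UploadRequest.class);
            System.out.println("hardened: unexpectedly accepted input");
        } catch (InvalidTypeIdException e) {
            System.out.println("hardened: rejected type id " + e.getTypeId());
        }
    }
}
```

Run with jackson-databind 2.10 or later on the classpath. The allow-list is the fix for code that genuinely needs polymorphic binding; where it does not, the simpler and stronger fix is to never activate default typing and to bind uploads to concrete DTO classes, in which case the `["class", {...}]` form is just parsed as an array and no class lookup happens at all.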

Fix

Update to SINEC NMS V1.0 SP2 Update 1 or later.

Weakness Enumeration

CWE-502: Deserialization of Untrusted Data

Related Identifiers

CVE-2021-33728

Affected Products

Sinec Nms