PT-2021-7546 · Hirschmann · Hirschmann Bat-C2

Matt Wiseman · Published 2021-12-22 · Updated 2022-09-30 · CVE-2021-21873

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Hirschmann BAT-C2 (affected versions not specified)

Description: The issue exists because special elements used in an operating system command are not neutralized. A remote attacker can execute arbitrary code by sending a specially crafted HTTP request. The request can lead to arbitrary command execution through the RSA keypasswd parameter.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Stack Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2022-07482
CVE-2021-21873

Affected Products

Hirschmann Bat-C2