CVE-2021-47745

Name of the Vulnerable Software and Affected Versions Cypress Solutions CTM-200 version 2.7.1

Description The software contains an authenticated command injection issue in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit the fw url parameter in the ctm-config-upgrade.sh script to inject and execute arbitrary commands with root privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.