← Volver a CVEs
CVE-2021-45420
CRITICAL9.8
Descripcion
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado2/14/2022
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
emerson:dixell_xweb-500emerson:dixell_xweb-500_firmware
Debilidades (CWE)
CWE-200CWE-306CWE-668
Referencias
http://dixell.com(cve@mitre.org)
http://emerson.com(cve@mitre.org)
https://www.swascan.com/emerson(cve@mitre.org)
http://dixell.com(af854a3a-2127-422b-91ae-364da2661108)
http://emerson.com(af854a3a-2127-422b-91ae-364da2661108)
https://www.swascan.com/emerson(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.