← Zuruck zu CVEs
CVE-2021-45420
CRITICAL9.8
Beschreibung
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/14/2022
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
emerson:dixell_xweb-500emerson:dixell_xweb-500_firmware
Schwachen (CWE)
CWE-200CWE-306CWE-668
Referenzen
http://dixell.com(cve@mitre.org)
http://emerson.com(cve@mitre.org)
https://www.swascan.com/emerson(cve@mitre.org)
http://dixell.com(af854a3a-2127-422b-91ae-364da2661108)
http://emerson.com(af854a3a-2127-422b-91ae-364da2661108)
https://www.swascan.com/emerson(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.