← Voltar para CVEs
CVE-2021-45420
CRITICAL9.8
Descricao
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/14/2022
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
emerson:dixell_xweb-500emerson:dixell_xweb-500_firmware
Fraquezas (CWE)
CWE-200CWE-306CWE-668
Referencias
http://dixell.com(cve@mitre.org)
http://emerson.com(cve@mitre.org)
https://www.swascan.com/emerson(cve@mitre.org)
http://dixell.com(af854a3a-2127-422b-91ae-364da2661108)
http://emerson.com(af854a3a-2127-422b-91ae-364da2661108)
https://www.swascan.com/emerson(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.