CVE-2021-42071

Sažetak

In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header.

Reference

https://visual-tools.com/
https://www.exploit-db.com/exploits/50098
https://www.swascan.com/security-advisory-visual-tools-dvr-cve-2021-42071/

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

15-10-2021 - 16:11

Objavljeno

07-10-2021 - 17:15