CVE-2021-21804

Published: Jul 16, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability.

Affected (1)

Products: Advantech: R Seenet

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Advantech R Seenet	Version 2.4.12

Related CWEs

Inclusion of Functionality from Untrusted Control Sphere

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1273

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1273

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.