CVE-2021-4242

Published: Nov 30, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical. Affected by this issue is some unknown functionality of the file ip/syscmd.htm. The manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214592.

Affected (4)

Products: Sapido: Br270n Firmware, Brc76n Firmware, Gr297n Firmware, Rb 1732 Firmware

4 products

Br270n Firmware

Brc76n Firmware

Gr297n Firmware

Rb 1732 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sapido Br270n Firmware	Version 2.1.03

Running on/with	Platform Versions
Sapido Br270n	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sapido Brc76n Firmware	Version 2.1.03

Running on/with	Platform Versions
Sapido Brc76n	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sapido Gr297n Firmware	Version 2.1.3

Running on/with	Platform Versions
Sapido Gr297n	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sapido Rb 1732 Firmware	Version 2.0.43

Running on/with	Platform Versions
Sapido Rb 1732	All versions

Related CWEs

Improper Neutralization

The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (6)

https://blog.csdn.net/qq_44159028/article/details/114590267

Source: cna@vuldb.com

ExploitThird Party Advisory

https://github.com/smallpiggy/Sapido--rce/blob/main/Sapido%E8%B7%AF%E7%94%B1%E5%99%A8-rce.py

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?id.214592

Source: cna@vuldb.com

Third Party Advisory

https://blog.csdn.net/qq_44159028/article/details/114590267

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/smallpiggy/Sapido--rce/blob/main/Sapido%E8%B7%AF%E7%94%B1%E5%99%A8-rce.py

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://vuldb.com/?id.214592

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.