Vulnerability Details CVE-2021-30110
dttray.exe in Greyware Automation Products Inc Domain Time II before 5.2.b.20210331 allows remote attackers to execute arbitrary code via a URL to a malicious update in a spoofed response to the UDP query used to check for updates.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.1
References
- https://blog.grimm-co.com/2021/04/time-for-upgrade.html
- https://www.greyware.com/software/domaintime/
- https://www.greyware.com/software/domaintime/v5/installation/v5x.asp#currentVersion
- https://blog.grimm-co.com/2021/04/time-for-upgrade.html
- https://www.greyware.com/software/domaintime/
- https://www.greyware.com/software/domaintime/v5/installation/v5x.asp#currentVersion
Products affected by CVE-2021-30110
-
cpe:2.3:a:greyware:domain_time_ii:5.2.b.20170101
-
cpe:2.3:a:greyware:domain_time_ii:5.2.b.20170331
-
cpe:2.3:a:greyware:domain_time_ii:5.2.b.20170522
-
cpe:2.3:a:greyware:domain_time_ii:5.2.b.20170922
-
cpe:2.3:a:greyware:domain_time_ii:5.2.b.20171113
-
cpe:2.3:a:greyware:domain_time_ii:5.2.b.20180101
-
cpe:2.3:a:greyware:domain_time_ii:5.2.b.20180303
-
cpe:2.3:a:greyware:domain_time_ii:5.2.b.20180606
-
cpe:2.3:a:greyware:domain_time_ii:5.2.b.20180801
-
cpe:2.3:a:greyware:domain_time_ii:5.2.b.20180805
-
cpe:2.3:a:greyware:domain_time_ii:5.2.b.20181111
-
cpe:2.3:a:greyware:domain_time_ii:5.2.b.20190101
-
cpe:2.3:a:greyware:domain_time_ii:5.2.b.20190331
-
cpe:2.3:a:greyware:domain_time_ii:5.2.b.20190701
-
cpe:2.3:a:greyware:domain_time_ii:5.2.b.20190922
-
cpe:2.3:a:greyware:domain_time_ii:5.2.b.20200101
-
cpe:2.3:a:greyware:domain_time_ii:5.2.b.20200331
-
cpe:2.3:a:greyware:domain_time_ii:5.2.b.20200630
-
cpe:2.3:a:greyware:domain_time_ii:5.2.b.20200930
-
cpe:2.3:a:greyware:domain_time_ii:5.2.b.20210103