Vulnerability Details CVE-2021-3149
On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.5%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 9.0
References
- https://kc.mcafee.com/corporate/index?page=content&id=SB10356
- https://www.digitaldefense.com/resources/vulnerability-research/netshield-corporation-nano-25/
- https://www.netshieldcorp.com/netshield-appliances/
- https://kc.mcafee.com/corporate/index?page=content&id=SB10356
- https://www.digitaldefense.com/resources/vulnerability-research/netshield-corporation-nano-25/
- https://www.netshieldcorp.com/netshield-appliances/
Products affected by CVE-2021-3149
-
cpe:2.3:h:netshieldcorp:nano_25:-
-
cpe:2.3:o:netshieldcorp:nano_25_firmware:10.2.18