CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-36705

In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of the TR069_local_port parameter is passed directly to system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.118

EPSS Ranking 93.5%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://www.ayrx.me/prolink-prc2402m-multiple-vulnerabilities/#tr069-command-injection
https://www.ayrx.me/prolink-prc2402m-multiple-vulnerabilities/#tr069-command-injection

Products affected by CVE-2021-36705

Prolink » Prc2402m » Version: N/A

cpe:2.3:h:prolink:prc2402m:-
Prolink » Prc2402m Firmware » Version: Any

cpe:2.3:o:prolink:prc2402m_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-36705

Products

Pricing

Contact Us