CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-36707

In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the led_cmd parameter is passed directly to do_system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.118

EPSS Ranking 93.5%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://www.ayrx.me/prolink-prc2402m-multiple-vulnerabilities/#ledonoff-command-injection
https://www.ayrx.me/prolink-prc2402m-multiple-vulnerabilities/#ledonoff-command-injection

Products affected by CVE-2021-36707

Prolink » Prc2402m » Version: N/A

cpe:2.3:h:prolink:prc2402m:-
Prolink » Prc2402m Firmware » Version: Any

cpe:2.3:o:prolink:prc2402m_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-36707

Products

Pricing

Contact Us