CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-46704

In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.897

EPSS Ranking 99.5%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2021-46704

Genieacs » Genieacs » Version: 1.2.0

cpe:2.3:a:genieacs:genieacs:1.2.0
Genieacs » Genieacs » Version: 1.2.1

cpe:2.3:a:genieacs:genieacs:1.2.1
Genieacs » Genieacs » Version: 1.2.2

cpe:2.3:a:genieacs:genieacs:1.2.2
Genieacs » Genieacs » Version: 1.2.3

cpe:2.3:a:genieacs:genieacs:1.2.3
Genieacs » Genieacs » Version: 1.2.4

cpe:2.3:a:genieacs:genieacs:1.2.4
Genieacs » Genieacs » Version: 1.2.5

cpe:2.3:a:genieacs:genieacs:1.2.5
Genieacs » Genieacs » Version: 1.2.6

cpe:2.3:a:genieacs:genieacs:1.2.6
Genieacs » Genieacs » Version: 1.2.7

cpe:2.3:a:genieacs:genieacs:1.2.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-46704

Products

Pricing

Contact Us