← back
CVE-2021-27964

CVE-2021-27964

EPSS 46.0%◆ VulnCheck KEV

Patch now. exploitation observed by VulnCheck, has a working public exploit.

Vexday Risk Score
72High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 46.0%KEV nãoPoC públicaNuclei simMetasploit Patch
Lifecycle
05 Mar 2021Published on NVD
15 Mar 2021Public PoC
Weaponization speed
10 daysto first PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.