CVE-2021-27964
CVE-2021-27964
Patch now. exploitation observed by VulnCheck, has a working public exploit.
Vexday Risk Score
72High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 46.0%KEV nãoPoC públicaNuclei simMetasploit —Patch —
Lifecycle
05 Mar 2021Published on NVD
15 Mar 2021Public PoC
Weaponization speed
10 daysto first PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/161793/SonLogger-4.2.3.3-Shell-Upload.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49651unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.