CVE-2021-31988
In short
A feature for testing SMTP email functionality accepts user input without proper validation, allowing attackers to inject CRLF characters that can be used to add fake email headers or manipulate the email content.
Technical detail
The SMTP test function fails to sanitize user-controlled parameters, enabling CRLF injection attacks. An attacker can insert carriage return and line feed characters to inject arbitrary SMTP headers, potentially leading to email header manipulation and social engineering attacks.
Summary generated and translated by AI from the official description.
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email.
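The missing validation described above, shown as an added example that is not code from Axis or from the advisory: a test-mail builder that concatenates header values as-is, next to a form that rejects CR, LF and other control characters first. All function names, addresses and the sample subject are hypothetical and constructed for illustration.

```python
import re

# CR and LF end an SMTP header line, so they (and other control characters)
# must never appear in a value that is placed into a header.
_CTRL = re.compile(r"[\x00-\x1f\x7f]")

def naive_test_mail(sender, recipient, subject):
    """Vulnerable pattern: header values concatenated without validation."""
    return (f"From: {sender}\r\nTo: {recipient}\r\n"
            f"Subject: {subject}\r\n\r\nSMTP test message\r\n")

def header_names(raw):
    """Header names a receiver would see (lines before the first blank line)."""
    head = raw.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n") if ":" in line]

def safe_header_value(value, max_len=255):
    """Return value unchanged if it is usable as one header value, else raise."""
    if not value or len(value) > max_len or _CTRL.search(value):
        raise ValueError("invalid header value")
    return value

def safe_test_mail(sender, recipient, subject):
    """Hardened form: every user-controlled field is validated before use."""
    fields = (sender, recipient, subject)
    return naive_test_mail(*(safe_header_value(v) for v in fields))

# Constructed sample input: a subject field carrying an embedded CRLF.
CONSTRUCTED_SUBJECT = "Test\r\nX-Injected: 1"

def demo():
    """Return (header injected by naive builder, input rejected by safe one)."""
    raw = naive_test_mail("cam@example.test", "ops@example.test",
                          CONSTRUCTED_SUBJECT)
    injected = "X-Injected" in header_names(raw)
    try:
        safe_test_mail("cam@example.test", "ops@example.test",
                       CONSTRUCTED_SUBJECT)
        rejected = False
    except ValueError:
        rejected = True
    return injected, rejected

if __name__ == "__main__":
    print(demo())
```

Rejecting the input outright, rather than stripping the characters, keeps the failure visible in logs when someone submits a value containing CR or LF.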
Affected products
Axis Communications AB · AXIS OS