CVE-2021-36380
In short
Sunhillo SureLine devices before version 8.7.0.1.1 allow anyone to run arbitrary system commands on the device through a network diagnostic tool, without needing to log in. An attacker can exploit this by inserting shell metacharacters into the tool's address parameters to execute malicious commands.
Technical detail
The /cgi/networkDiag.cgi endpoint in Sunhillo SureLine before 8.7.0.1.1 fails to sanitize the ipAddr and dnsAddr parameters, enabling unauthenticated OS command injection via shell metacharacters (CWE-78). An attacker can craft a malicious request with embedded shell commands to achieve remote code execution with device privileges.
Summary generated and translated by AI from the official description.
Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
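A detection sketch for the issue described above, added here as an example and not taken from the vendor or the CVE record: it flags requests to /cgi/networkDiag.cgi whose ipAddr or dnsAddr value is not a plain IP address or hostname. The access-log format, the presence of the parameters in the query string or a form-encoded body, and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/cgi/networkDiag.cgi"   # endpoint named in the advisory
PARAMS = ("ipAddr", "dnsAddr")      # parameters named in the advisory
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"{LABEL}(?:\.{LABEL})*")
# Assumed log format: request line quoted as "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def is_plain_address(value):
    """Allowlist check: literal IP address or RFC 1123 style hostname only."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return len(value) <= 253 and HOSTNAME.fullmatch(value) is not None

def suspicious_params(target, body=""):
    """Return (param, decoded value) pairs that fail the allowlist check."""
    parts = urlsplit(target)
    if unquote(parts.path) != ENDPOINT:
        return []
    hits = []
    for source in (parts.query, body):   # body: form data, if it was captured
        fields = parse_qs(source, keep_blank_values=True)
        for name in PARAMS:
            hits += [(name, v) for v in fields.get(name, [])
                     if v and not is_plain_address(v)]
    return hits

def scan(lines):
    """Return (line number, param, value) for every suspicious request."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            findings += [(lineno, n, v) for n, v in suspicious_params(match.group(1))]
    return findings

SAMPLE_LOG = [  # constructed log lines, documentation address ranges only
    '198.51.100.7 - - [01/Jan/2024:00:00:01 +0000] "GET /cgi/networkDiag.cgi?ipAddr=192.0.2.10&dnsAddr=ns1.example.net HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:00:00:02 +0000] "GET /cgi/networkDiag.cgi?ipAddr=192.0.2.10%3Bid&dnsAddr=192.0.2.53 HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:00:00:03 +0000] "GET /index.html?ipAddr=%3Bid HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because the endpoint is reachable without authentication on affected versions, any hit is worth triage regardless of the source address.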
Affected products
n/a · n/a