CVE-2021-46422

EPSS 94.8%

Vexday Risk Score

60Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS —EPSS 94.8%KEV nãoPoC públicaNuclei simMetasploit —Patch —

Ciclo de vida

27 abr 2022Publicada en NVD

17 may 2022PoC pública

Recomendación: Planificar corrección próxima — ya existe PoC pública.

Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.

Productos afectados

n/a · n/a

PoCs públicas encontradas — 17

githubgithub.com/Chocapikk/CVE-2021-46422★ 3 githubgithub.com/Awei507/CVE-RCE★ 3 githubgithub.com/yyqxi/CVE-2021-46422★ 2 githubgithub.com/polerstar/CVE-2021-46422-poc★ 1 githubgithub.com/kailing0220/CVE-2021-46422★ 1 githubgithub.com/nobodyatall648/CVE-2021-46422★ 1 githubgithub.com/xanszZZ/SDT_CW3B1_rce★ 1 githubgithub.com/latings/CVE-2021-46422★ 1 githubgithub.com/kelemaoya/CVE-2021-46422★ 0 githubgithub.com/twoning/CVE-2021-46422_PoC★ 0 githubgithub.com/CJ-0107/cve-2021-46422★ 0 githubgithub.com/yigexioabai/CVE-2021-46422_RCE★ 0 githubgithub.com/ZAxyr/CVE-2021-46422★ 0 exploitdbwww.exploit-db.com/exploits/50948no verificado cve_referencepacketstormsecurity.com/files/167387/Telesquare-SDT-CW3B1-1.1.0-Command-Injection.htmlno verificado exploitdbwww.exploit-db.com/exploits/50936no verificado cve_referencepacketstormsecurity.com/files/167201/SDT-CW3B1-1.1.0-Command-Injection.htmlno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://packetstormsecurity.com/files/167201/SDT-CW3B1-1.1.0-Command-Injection.html http://packetstormsecurity.com/files/167387/Telesquare-SDT-CW3B1-1.1.0-Command-Injection.html https://drive.google.com/drive/folders/1YJlVlb4SlTEGONzIjiMwd2P7ucP_Pm7T?usp=sharing