← voltar
CVE-2021-46422

CVE-2021-46422

EPSS 94.8%
Vexday Risk Score
60Atenção
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS EPSS 94.8%KEV nãoPoC públicaNuclei simMetasploit Patch
Ciclo de vida
27 abr 2022Publicada no NVD
17 mai 2022PoC pública
Recomendação: Planejar correção próxima — já existe PoC pública.
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
Produtos afetados
n/a · n/a
PoCs públicas encontradas17
githubgithub.com/Chocapikk/CVE-2021-464223githubgithub.com/Awei507/CVE-RCE3githubgithub.com/yyqxi/CVE-2021-464222githubgithub.com/polerstar/CVE-2021-46422-poc1githubgithub.com/kailing0220/CVE-2021-464221githubgithub.com/nobodyatall648/CVE-2021-464221githubgithub.com/xanszZZ/SDT_CW3B1_rce1githubgithub.com/latings/CVE-2021-464221githubgithub.com/kelemaoya/CVE-2021-464220githubgithub.com/twoning/CVE-2021-46422_PoC0githubgithub.com/CJ-0107/cve-2021-464220githubgithub.com/yigexioabai/CVE-2021-46422_RCE0githubgithub.com/ZAxyr/CVE-2021-464220exploitdbwww.exploit-db.com/exploits/50948não verificadocve_referencepacketstormsecurity.com/files/167387/Telesquare-SDT-CW3B1-1.1.0-Command-Injection.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/50936não verificadocve_referencepacketstormsecurity.com/files/167201/SDT-CW3B1-1.1.0-Command-Injection.htmlnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/167201/SDT-CW3B1-1.1.0-Command-Injection.htmlhttp://packetstormsecurity.com/files/167387/Telesquare-SDT-CW3B1-1.1.0-Command-Injection.htmlhttps://drive.google.com/drive/folders/1YJlVlb4SlTEGONzIjiMwd2P7ucP_Pm7T?usp=sharing