CVE-2021-37912

Beschreibung:
The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.

CWE: CWE-78

CVSS-Bewertung
CVSS 2: – (Version: )
CVSS 3: CRITICAL – 9.8 (Version: 3.1)

Links:

NVD – CVE-2021-37912
CVE – CVE-2021-37912

Link (max. 20) Quelle Tags
N/A CONFIRM
https://github.com/openssh/openssh-portable/pull/270 MISC
https://rushter.com/blog/public-ssh-keys/ MISC
https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak MISC

Quelle: NVD – CVE-2021-37912
Datum Veröffentlichung: 2021-09-15T19:15Z, Datum letzte Änderung: 2021-09-15T20:20Z