A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1.13_X139 allows attackers to execute arbitrary commands via a crafted file.
References
| Link | Resource |
|---|---|
| https://exploitwriter.wordpress.com/2021/11/19/remote-code-execution-in-c-data-onu4ferw/ | Broken Link Third Party Advisory |
| https://exploitwriter.io/2022/02/25/os-command-injection-in-c-data-onu4ferw-cve-2021-44132/ | Exploit Third Party Advisory |
| https://exploitwriter.wordpress.com/2021/11/19/remote-code-execution-in-c-data-onu4ferw/ | Broken Link Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
21 Nov 2024, 06:30
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://exploitwriter.wordpress.com/2021/11/19/remote-code-execution-in-c-data-onu4ferw/ - Broken Link, Third Party Advisory |
08 Mar 2022, 20:33
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 7.8 |
| CPE | cpe:2.3:o:c-data_onu4ferw_project:c-data_onu4ferw_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:c-data_onu4ferw_project:c-data_onu4ferw:-:*:*:*:*:*:*:* |
|
| References |
|
|
| References | (MISC) https://exploitwriter.wordpress.com/2021/11/19/remote-code-execution-in-c-data-onu4ferw/ - Broken Link, Third Party Advisory | |
| CWE | CWE-77 |
25 Feb 2022, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-02-25 20:15
Updated : 2024-11-21 06:30
NVD link : CVE-2021-44132
Mitre link : CVE-2021-44132
CVE.ORG link : CVE-2021-44132
JSON object : View
Products Affected
c-data_onu4ferw_project
- c-data_onu4ferw_firmware
- c-data_onu4ferw
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')