CVE-2021-23247 — CRITICAL (9.8)

Vulnerability Description

A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Oppo	Quick App	4.5.0

Related Weaknesses (CWE)

CWE-77

References

https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-150144805461479Vendor Advisory
https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-150144805461479Vendor Advisory

FAQ

What is CVE-2021-23247?

CVE-2021-23247 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine

How severe is CVE-2021-23247?

CVE-2021-23247 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-23247?

Check the references section above for vendor advisories and patch information. Affected products include: Oppo Quick App.