Vulnerability Description
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ge | Reason Rpv311 Firmware | 14a03 |
| Ge | Rpv311 | - |
Related Weaknesses (CWE)
References
- https://www.gegridsolutions.com/products/support/GES-2021-005%20-%20RPV311%20SecVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-21-616/Third Party AdvisoryVDB Entry
- https://www.gegridsolutions.com/products/support/GES-2021-005%20-%20RPV311%20SecVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-21-616/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2021-31477?
CVE-2021-31477 is a vulnerability with a CVSS score of 7.3 (HIGH). This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific fla...
How severe is CVE-2021-31477?
CVE-2021-31477 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-31477?
Check the references section above for vendor advisories and patch information. Affected products include: Ge Reason Rpv311 Firmware, Ge Rpv311.