CVE-2021-3149 — HIGH (7.2) — White Hats Nepal

Vulnerability Description

On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netshieldcorp	Nano 25 Firmware	10.2.18
Netshieldcorp	Nano 25	-

Related Weaknesses (CWE)

CWE-78

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10356Not ApplicableThird Party Advisory
https://www.digitaldefense.com/resources/vulnerability-research/netshield-corporThird Party Advisory
https://www.netshieldcorp.com/netshield-appliances/Vendor Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10356Not ApplicableThird Party Advisory
https://www.digitaldefense.com/resources/vulnerability-research/netshield-corporThird Party Advisory
https://www.netshieldcorp.com/netshield-appliances/Vendor Advisory

FAQ

What is CVE-2021-3149?

CVE-2021-3149 is a vulnerability with a CVSS score of 7.2 (HIGH). On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely...

How severe is CVE-2021-3149?

CVE-2021-3149 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3149?

Check the references section above for vendor advisories and patch information. Affected products include: Netshieldcorp Nano 25 Firmware, Netshieldcorp Nano 25.