Vulnerability Description
Cradlepoint IBR900-600 devices running versions < 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device's NetCloud Manager console, local console and SSH command-line.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cradlepoint | Ibr600C Firmware | < 7.21.0 |
| Cradlepoint | Ibr600C | - |
| Cradlepoint | Ibr600 Firmware | < 7.21.0 |
| Cradlepoint | Ibr600 | - |
| Cradlepoint | Ibr900 Firmware | < 7.21.0 |
| Cradlepoint | Ibr900 | - |
References
- https://cradlepoint.com/product/endpoints/ibr900/ (Product, Vendor Advisory)
- https://securitybytes.me/posts/cve-2021-37471/ (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-37471?
CVE-2021-37471 is a vulnerability with a CVSS score of 7.5 (HIGH). Cradlepoint IBR900-600 devices running versions < 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the devic...
How severe is CVE-2021-37471?
CVE-2021-37471 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-37471?
Check the references section above for vendor advisories and patch information. Affected products include: Cradlepoint Ibr600C Firmware, Cradlepoint Ibr600C, Cradlepoint Ibr600 Firmware, Cradlepoint Ibr600, Cradlepoint Ibr900 Firmware.