1. Home
  2. CVE Database
  3. CVE-2021-39244
HIGH · 8.8

CVE-2021-39244

Authenticated Semi-Blind Command Injection (via Parameter Injection) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. This affects Nexto NX3003 1.8.11...

Vulnerability Description

Authenticated Semi-Blind Command Injection (via Parameter Injection) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
AltusNexto Nx3003 Firmware1.8.11.0
AltusNexto Nx3003-
AltusNexto Nx3004 Firmware1.8.11.0
AltusNexto Nx3004-
AltusNexto Nx3005 Firmware1.8.11.0
AltusNexto Nx3005-
AltusNexto Nx3010 Firmware1.8.3.0
AltusNexto Nx3010-
AltusNexto Nx3020 Firmware1.8.3.0
AltusNexto Nx3020-
AltusNexto Nx3030 Firmware1.8.3.0
AltusNexto Nx3030-
AltusNexto Nx5100 Firmware1.8.11.0
AltusNexto Nx5100-
AltusNexto Nx5101 Firmware1.8.11.0
AltusNexto Nx5101-
AltusNexto Nx5110 Firmware1.1.2.8
AltusNexto Nx5110-
AltusNexto Nx5210 Firmware1.1.2.8
AltusNexto Nx5210-

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2021-39244?

CVE-2021-39244 is a vulnerability with a CVSS score of 8.8 (HIGH). Authenticated Semi-Blind Command Injection (via Parameter Injection) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. This affects Nexto NX3003 1.8.11...

How severe is CVE-2021-39244?

CVE-2021-39244 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-39244?

Check the references section above for vendor advisories and patch information. Affected products include: Altus Nexto Nx3003 Firmware, Altus Nexto Nx3003, Altus Nexto Nx3004 Firmware, Altus Nexto Nx3004, Altus Nexto Nx3005 Firmware.