CVE-2021-39474 — HIGH (7.2)

Vulnerability Description

Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported affected version 1319010201r009. The vulnerability allows an attacker with privileges and network access through the ping.cmd component to execute commands on the device.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ubeeinteractive	Ubc1319 Firmware	1319010201r009
Ubeeinteractive	Ubc1319	-

Related Weaknesses (CWE)

CWE-78

References

https://saikotwolf.medium.com/f9ed24e14e51ExploitThird Party Advisory
https://www.ubeeinteractive.com/?product=ubc1319ProductVendor Advisory
https://saikotwolf.medium.com/f9ed24e14e51ExploitThird Party Advisory
https://www.ubeeinteractive.com/?product=ubc1319ProductVendor Advisory

FAQ

What is CVE-2021-39474?

CVE-2021-39474 is a vulnerability with a CVSS score of 7.2 (HIGH). Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported affected version 1319010201r009. The vulnerability allows an attacker with privileges and network access through the ping.cmd compo...

How severe is CVE-2021-39474?

CVE-2021-39474 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-39474?

Check the references section above for vendor advisories and patch information. Affected products include: Ubeeinteractive Ubc1319 Firmware, Ubeeinteractive Ubc1319.