Vulnerability Description
MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path".
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitrastar | Gpt-2541Gnac-N1 Firmware | br_g3.5_100vnz0b33 |
| Mitrastar | Gpt-2541Gnac-N1 | - |
Related Weaknesses (CWE)
References
- https://github.com/leoservalli/Privilege-escalation-MitraStar/blob/main/README.mExploitThird Party Advisory
- https://packetstormsecurity.com/files/164333/Mitrastar-GPT-2541GNAC-N1-PrivilegeExploitThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/50351ExploitThird Party AdvisoryVDB Entry
- https://github.com/leoservalli/Privilege-escalation-MitraStar/blob/main/README.mExploitThird Party Advisory
- https://packetstormsecurity.com/files/164333/Mitrastar-GPT-2541GNAC-N1-PrivilegeExploitThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/50351ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2021-42165?
CVE-2021-42165 is a vulnerability with a CVSS score of 8.8 (HIGH). MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of p...
How severe is CVE-2021-42165?
CVE-2021-42165 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-42165?
Check the references section above for vendor advisories and patch information. Affected products include: Mitrastar Gpt-2541Gnac-N1 Firmware, Mitrastar Gpt-2541Gnac-N1.