Vulnerability Description
An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell metacharacters in the capture command parameters. Command output will be shown on the Serial interface of the device. Exploitation requires both credentials and physical access.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dcnglobal | S4600-10P-Si Firmware | >= r0241.0370, < r0241.0470 |
| Dcnglobal | S4600-10P-Si | - |
Related Weaknesses (CWE)
References
- https://exatel.pl/cve-2021-42324-metacharacter-injection-w-przelacznikach-dcn-s4ExploitThird Party Advisory
- https://www.dcneurope.eu/products/switches/s4600-10p-siBroken Link
- https://exatel.pl/cve-2021-42324-metacharacter-injection-w-przelacznikach-dcn-s4ExploitThird Party Advisory
- https://www.dcneurope.eu/products/switches/s4600-10p-siBroken Link
FAQ
What is CVE-2021-42324?
CVE-2021-42324 is a vulnerability with a CVSS score of 7.4 (HIGH). An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authe...
How severe is CVE-2021-42324?
CVE-2021-42324 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-42324?
Check the references section above for vendor advisories and patch information. Affected products include: Dcnglobal S4600-10P-Si Firmware, Dcnglobal S4600-10P-Si.