Vulnerability Description
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution.
CVSS Score
8.1
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Printerlogic | Web Stack | < 19.1.1.13 |
| Apple | Macos | - |
| Linux | Linux Kernel | - |
Related Weaknesses (CWE)
References
- http://printerlogic.comVendor Advisory
- https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threPress/Media CoverageThird Party Advisory
- https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-manageThird Party Advisory
- https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vuPress/Media CoverageThird Party Advisory
- https://www.printerlogic.com/security-bulletin/Vendor Advisory
- https://www.securityweek.com/printerlogic-patches-code-execution-flaws-printer-mPress/Media CoverageThird Party Advisory
- https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogicExploitPress/Media CoverageThird Party Advisory
- http://printerlogic.comVendor Advisory
- https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threPress/Media CoverageThird Party Advisory
- https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-manageThird Party Advisory
- https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vuPress/Media CoverageThird Party Advisory
- https://www.printerlogic.com/security-bulletin/Vendor Advisory
- https://www.securityweek.com/printerlogic-patches-code-execution-flaws-printer-mPress/Media CoverageThird Party Advisory
- https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogicExploitPress/Media CoverageThird Party Advisory
FAQ
What is CVE-2021-42635?
CVE-2021-42635 is a vulnerability with a CVSS score of 8.1 (HIGH). PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution.
How severe is CVE-2021-42635?
CVE-2021-42635 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-42635?
Check the references section above for vendor advisories and patch information. Affected products include: Printerlogic Web Stack, Apple Macos, Linux Linux Kernel.