Vulnerability Description
FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fiberhome | An5506-01-A Firmware | rp0509 |
| Fiberhome | An5506-01-A | - |
| Fiberhome | An5506-01-B Firmware | rp2610 |
| Fiberhome | An5506-01-B | - |
| Fiberhome | An5506-02-B Firmware | rp2520 |
| Fiberhome | An5506-02-B | - |
| Fiberhome | An5506-04-B Firmware | rp2510 |
| Fiberhome | An5506-04-B | - |
| Fiberhome | An5506-04-F Firmware | rp2617 |
| Fiberhome | An5506-04-F | - |
| Fiberhome | Aan5506-04-G2G Firmware | rp2560 |
| Fiberhome | An5506-04-G2G | - |
Related Weaknesses (CWE)
References
- http://fiberhome.comBroken Link
- http://onu.comNot Applicable
- https://medium.com/%40windsormoreira/fiberhome-an5506-os-command-injection-cve-2
- http://fiberhome.comBroken Link
- http://onu.comNot Applicable
- https://medium.com/%40windsormoreira/fiberhome-an5506-os-command-injection-cve-2
FAQ
What is CVE-2021-42912?
CVE-2021-42912 is a vulnerability with a CVSS score of 8.8 (HIGH). FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root...
How severe is CVE-2021-42912?
CVE-2021-42912 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-42912?
Check the references section above for vendor advisories and patch information. Affected products include: Fiberhome An5506-01-A Firmware, Fiberhome An5506-01-A, Fiberhome An5506-01-B Firmware, Fiberhome An5506-01-B, Fiberhome An5506-02-B Firmware.