Vulnerability Description
TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd.php endpoint. The syscmd POST parameter is passed directly to a system command without validation and executed with root privileges. A remote, unauthenticated attacker can supply crafted values to execute arbitrary operating system commands as root, resulting in full device compromise.
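Because the endpoint requires no authentication, any request that reaches runphpcmd.php from an untrusted source is worth reviewing. The following is an added detection example, not code from the advisory or the vendor: it scans web server access logs for requests to that endpoint and ranks source addresses for triage. The Combined Log Format, the `/admin/` path prefix and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed log format (Combined Log Format): ip - user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
ENDPOINT = "runphpcmd.php"  # endpoint named in the vulnerability description


def find_hits(lines):
    """Return {source_ip: [(timestamp, method, path, status), ...]} for
    every request whose final path segment is the affected endpoint."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        # Compare the path only, case-insensitively, ignoring the query string.
        path_only = m["path"].split("?", 1)[0].lower()
        if path_only.rsplit("/", 1)[-1] == ENDPOINT:
            hits[m["ip"]].append(
                (m["ts"], m["method"], m["path"], int(m["status"])))
    return dict(hits)


def triage(hits):
    """POSTs answered with 200 come first: the endpoint accepted a
    request body, which is where the syscmd parameter travels."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(meth == "POST" and st == 200 for _, meth, _, st in reqs))


# Constructed sample log lines (documentation IP ranges, assumed paths).
SAMPLE = [
    '198.51.100.7 - - [10/Oct/2021:13:55:36 +0000] "POST /admin/runphpcmd.php HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '203.0.113.9 - - [10/Oct/2021:13:56:01 +0000] "GET /index.php HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [10/Oct/2021:14:02:11 +0000] "GET /admin/RunPhpCmd.php?x=1 HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.7 - - [10/Oct/2021:14:03:40 +0000] "POST /admin/runphpcmd.php HTTP/1.1" 200 77 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    found = find_hits(SAMPLE)
    for ip, reqs in sorted(found.items()):
        print(ip, len(reqs), "request(s)")
    print("investigate first:", triage(found))
```

Access logs normally do not record POST bodies, so the syscmd value itself will not appear; the match is on the endpoint, and flagged sources need follow-up on the device.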
References
- https://ssd-disclosure.com/ssd-advisory-tg8-firewall-preauth-rce-and-password-di
- https://web.archive.org/web/20211024224240/http://www.tg8security.com/
- https://www.vulncheck.com/advisories/tg8-firewall-unauthenticated-rce-via-runphp
FAQ
What is CVE-2021-4470?
CVE-2021-4470 is a documented vulnerability. TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd.php endpoint. The syscmd POST parameter is passed directly to a system command without validation and ex...
How severe is CVE-2021-4470?
CVSS scoring is not yet available for CVE-2021-4470. Check NVD for updates.
Is there a patch for CVE-2021-4470?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.