CVE-2021-45420 — CRITICAL (9.8)

Vulnerability Description

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Emerson	Dixell Xweb-500 Firmware	-
Emerson	Dixell Xweb-500	-

Related Weaknesses (CWE)

CWE-668 CWE-306 CWE-200

References

http://dixell.comProduct
http://emerson.comVendor Advisory
https://www.swascan.com/emersonExploitThird Party Advisory
http://dixell.comProduct
http://emerson.comVendor Advisory
https://www.swascan.com/emersonExploitThird Party Advisory

FAQ

What is CVE-2021-45420?

CVE-2021-45420 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to wri...

How severe is CVE-2021-45420?

CVE-2021-45420 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-45420?

Check the references section above for vendor advisories and patch information. Affected products include: Emerson Dixell Xweb-500 Firmware, Emerson Dixell Xweb-500.