Vulnerability Description
Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit the 'fw_url' parameter in the ctm-config-upgrade.sh script to inject and execute arbitrary commands with root privileges.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://www.cypress.bc.ca
- https://www.exploit-db.com/exploits/50408
- https://www.vulncheck.com/advisories/cypress-solutions-ctm-root-remote-os-comman
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5687.php
FAQ
What is CVE-2021-47745?
CVE-2021-47745 is a vulnerability with a CVSS score of 8.8 (HIGH). Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit t...
How severe is CVE-2021-47745?
CVE-2021-47745 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-47745?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.