CVE-2021-42165
Last modified
CVE-2021-42165 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing the command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of the parameter "path". EPSS estimates a 13.10% chance of exploitation in the next 30 days.
Description
MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path".
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mitrastar | Gpt-2541gnac-N1 Firmware | br_g3.5_100vnz0b33 |
References
- https://github.com/leoservalli/Privilege-escalation-MitraStar/blob/main/README.md (Exploit, Third Party Advisory)
- https://packetstormsecurity.com/files/164333/Mitrastar-GPT-2541GNAC-N1-Privilege-Escalation.html (Exploit, Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/50351 (Exploit, Third Party Advisory, VDB Entry)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
