CVE-2021-42912
Last modified
CVE-2021-42912 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon. EPSS estimates a 13.80% chance of exploitation in the next 30 days.
Description
FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fiberhome | An5506-01-A Firmware | rp0509 |
| Fiberhome | An5506-01-B Firmware | rp2610 |
| Fiberhome | An5506-02-B Firmware | rp2520 |
| Fiberhome | An5506-02-B Firmware | rp2521 |
| Fiberhome | An5506-02-B Firmware | rp2603 |
| Fiberhome | An5506-04-B Firmware | rp2510 |
| Fiberhome | An5506-04-F Firmware | rp2617 |
| Fiberhome | Aan5506-04-G2g Firmware | rp2560 |
References
- http://fiberhome.com (Broken Link)
- http://onu.com (Not Applicable)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
