CVE-2021-37913
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HGiga | OAKlouds OAKSv2 | OAKlouds-network 2.0 <= OAKlouds-network-2.0-2 | affected |
| HGiga | OAKlouds OAKSv3 | OAKlouds-network 3.0 <= OAKlouds-network-3.0-2 | affected |
Weaknesses
- CWE-78: CWE-78 OS Command Injection
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.