CVE-2021-37913

Summary

The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.

Affected Software

VendorProductVersion RangeStatus
HGigaOAKlouds OAKSv2OAKlouds-network 2.0 <= OAKlouds-network-2.0-2affected
HGigaOAKlouds OAKSv3OAKlouds-network 3.0 <= OAKlouds-network-3.0-2affected

Weaknesses

  • CWE-78: CWE-78 OS Command Injection

ADP Enrichment

CVE Program Container

Additional References

References