Remote Command Execution Vulnerability in SolarView Compact by Contec
CVE-2021-20658

9.8CRITICAL

Key Information:

Vendor

Contec Co., Ltd.

Status
Solarview Compact
Vendor
CVE Published:
24 February 2021

What is CVE-2021-20658?

The SolarView Compact SV-CPT-MC310, prior to version 6.5, is vulnerable to a remote command execution issue that allows an attacker to execute arbitrary OS commands with the privileges of the web server. This vulnerability arises from unspecified vectors, posing a significant security risk to users. Immediate updates and remedial actions are recommended to mitigate the potential for exploitation.

Affected Version(s)

SolarView Compact SV-CPT-MC310 prior to Ver.6.5

References

https://www.contec.com/jp/api/downloadlogger?download=htt...
x_refsource_MISC
https://www.contec.com/jp/download/contract/contract2/?it...
x_refsource_MISC
https://jvn.jp/en/jp/JVN37417423/index.html
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.