Sapido BR270n/BRC76n/GR297/RB1732 syscmd.htm os command injection
CVE-2021-4242

6.3MEDIUM

Key Information:

Vendor: SAPido
Status: Br270n; Brc76n; Gr297; Rb1732
Vendor: CVE Published:; 30 November 2022

What is CVE-2021-4242?

A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical. Affected by this issue is some unknown functionality of the file ip/syscmd.htm. The manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214592.

Affected Version(s)

BR270n

BRC76n

GR297

References

https://blog.csdn.net/qq_44159028/article/details/114590267

https://github.com/smallpiggy/Sapido--rce/blob/main/Sapid...

https://vuldb.com/?id.214592

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 30, 2022
Vulnerability Reserved
Nov 30, 2022

JSON