Directory Traversal Vulnerability in HD-Network Real-time Monitoring System
CVE-2021-45043

7.5HIGH

Key Information:

Vendor: Hd-network Real-time Monitoring System Project
Status: Hd-network Real-time Monitoring System
Vendor: CVE Published:; 15 December 2021

🔔 Create Hd-network Real-time Monitoring System Project Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 33%

What is CVE-2021-45043?

The HD-Network Real-time Monitoring System 2.0 is vulnerable to a directory traversal flaw. This security issue allows attackers to exploit the /language/lang s_Language parameter, potentially leading to unauthorized access to the /etc/shadow file. Such access can expose sensitive information, including user credentials, putting system security at risk. It is crucial for users of this product to apply patches and review security configurations to mitigate the impact of this vulnerability.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

cve-2021-45043
Created by crypt0g30rgy

References

https://drive.google.com/file/d/1DlfZz0F8skWy3Mkahx_NMo-s...

x_refsource_MISC

https://drive.google.com/file/d/1bx9yCN-IHYuRpd7g3jhMb0Lc...

x_refsource_MISC

EPSS Score

33% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Dec 15, 2021
👾
Exploit known to exist
Dec 15, 2021
Vulnerability published
Dec 15, 2021
Vulnerability Reserved
Dec 14, 2021

CVE-2021-45043 Data

JSON