CyberSec.Space Logo
Back to CVE Browser

CVE-2021-26472

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0230%
EPSS Percentile7.16th
PublishedJun 8, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges.

Affected Platforms (CPE)

πŸ“¦
Vembu

Bdr Suite

< 4.2.0.1
πŸ“¦
Vembu

Offsite Dr

< 4.2.0.1

References & Advisories

πŸ”— https://csirt.divd.nl/2021/05/11/Vembu-zero-days/
πŸ”— https://csirt.divd.nl/cases/DIVD-2020-00011/
πŸ”— https://csirt.divd.nl/cves/CVE-2021-26472/
πŸ”— https://www.wbsec.nl/vembu
πŸ”— https://csirt.divd.nl/2021/05/11/Vembu-zero-days/
πŸ”— https://csirt.divd.nl/cases/DIVD-2020-00011/
πŸ”— https://csirt.divd.nl/cves/CVE-2021-26472/
πŸ”— https://www.wbsec.nl/vembu

Related Vulnerabilities

CVE-2021-2124310.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deser...

CVE-2021-2124410.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server sid...

CVE-2021-021110.0

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon ...

CVE-2021-2124210.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-a...