CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-27514

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1840%
EPSS Percentile21.27th
Published2021年2月22日
Last Modified2024年11月21日

Vulnerability Description

EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation).

Affected Platforms (CPE)

📦
Eyesofnetwork

Eyesofnetwork

= 5.3-10

References & Advisories

🔗 https://github.com/ArianeBlow/exploit-eyesofnetwork5.3.10/blob/main/PoC-BruteForceID-arbitraty-file-upload-RCE-PrivEsc.py
🔗 https://github.com/EyesOfNetworkCommunity/eonweb/issues/87
🔗 https://github.com/ArianeBlow/exploit-eyesofnetwork5.3.10/blob/main/PoC-BruteForceID-arbitraty-file-upload-RCE-PrivEsc.py
🔗 https://github.com/EyesOfNetworkCommunity/eonweb/issues/87

関連する脆弱性情報

CVE-2020-94659.8

An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection...

CVE-2020-86579.8

An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_funct...

CVE-2020-86569.8

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated a...

CVE-2020-278869.8

An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowin...