CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-26472

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0230%
EPSS Percentile7.16th
Published2021年6月8日
Last Modified2024年11月21日

Vulnerability Description

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges.

Affected Platforms (CPE)

📦
Vembu

Bdr Suite

< 4.2.0.1
📦
Vembu

Offsite Dr

< 4.2.0.1

References & Advisories

🔗 https://csirt.divd.nl/2021/05/11/Vembu-zero-days/
🔗 https://csirt.divd.nl/cases/DIVD-2020-00011/
🔗 https://csirt.divd.nl/cves/CVE-2021-26472/
🔗 https://www.wbsec.nl/vembu
🔗 https://csirt.divd.nl/2021/05/11/Vembu-zero-days/
🔗 https://csirt.divd.nl/cases/DIVD-2020-00011/
🔗 https://csirt.divd.nl/cves/CVE-2021-26472/
🔗 https://www.wbsec.nl/vembu

関連する脆弱性情報

CVE-2021-443410.0

The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'sw...

CVE-2021-2196110.0

A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A ...

CVE-2021-2196010.0

A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3....

CVE-2021-4766710.0

An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remo...