ID
VAR-202108-0483
CVE
CVE-2021-21805
TITLE
Advantech R-SeeNet In OS Command injection vulnerability
Trust: 0.8
DESCRIPTION
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Advantech R-SeeNet is an industrial monitoring software developed by China Taiwan Advantech Company. The software monitors the platform based on the snmp protocol, and is suitable for Linux and Windows platforms
Trust: 2.34
AFFECTED PRODUCTS
| vendor: | advantech | model: | r-seenet | scope: | eq | version: | 2.4.12 | Trust: 1.0 |
| vendor: | アドバンテック株式会社 | model: | r-seenet | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | アドバンテック株式会社 | model: | r-seenet | scope: | eq | version: | 2.4.12 (20.10.2020) | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-78 | Trust: 1.1 |
| problemtype: | OS Command injection (CWE-78) [NVD Evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
other
Trust: 0.6
PATCH
| title: | Top Page | url: | https://icr.advantech.cz/ | Trust: 0.8 |
| title: | Kenzer Templates [5170] [DEPRECATED] | url: | https://github.com/ARPSyndicate/kenzer-templates | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2021-21805 | Trust: 3.4 |
| db: | TALOS | id: | TALOS-2021-1274 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2021-009475 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202107-1114 | Trust: 0.7 |
| db: | CS-HELP | id: | SB2021041363 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202104-975 | Trust: 0.6 |
| db: | CS-HELP | id: | SB2021071609 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-380209 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2021-21805 | Trust: 0.1 |
REFERENCES
| url: | https://talosintelligence.com/vulnerability_reports/talos-2021-1274 | Trust: 3.2 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2021-21805 | Trust: 0.8 |
| url: | https://www.cybersecurity-help.cz/vdb/sb2021041363 | Trust: 0.6 |
| url: | https://www.cybersecurity-help.cz/vdb/sb2021071609 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/78.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://github.com/arpsyndicate/kenzer-templates | Trust: 0.1 |
CREDITS
Member of the Cisco Talos team
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-380209 |
| db: | VULMON | id: | CVE-2021-21805 |
| db: | JVNDB | id: | JVNDB-2021-009475 |
| db: | CNNVD | id: | CNNVD-202104-975 |
| db: | CNNVD | id: | CNNVD-202107-1114 |
| db: | NVD | id: | CVE-2021-21805 |
LAST UPDATE DATE
2024-08-14T12:46:45.841000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-380209 | date: | 2022-09-30T00:00:00 |
| db: | VULMON | id: | CVE-2021-21805 | date: | 2022-09-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-009475 | date: | 2022-04-28T03:46:00 |
| db: | CNNVD | id: | CNNVD-202104-975 | date: | 2021-04-14T00:00:00 |
| db: | CNNVD | id: | CNNVD-202107-1114 | date: | 2021-08-13T00:00:00 |
| db: | NVD | id: | CVE-2021-21805 | date: | 2022-09-30T03:09:26.817 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-380209 | date: | 2021-08-05T00:00:00 |
| db: | VULMON | id: | CVE-2021-21805 | date: | 2021-08-05T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-009475 | date: | 2022-04-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-202104-975 | date: | 2021-04-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-202107-1114 | date: | 2021-07-15T00:00:00 |
| db: | NVD | id: | CVE-2021-21805 | date: | 2021-08-05T21:15:10.683 |