In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header.
References
Link | Resource |
---|---|
https://visual-tools.com/ | Vendor Advisory |
https://www.exploit-db.com/exploits/50098 | Exploit Third Party Advisory VDB Entry |
https://www.swascan.com/security-advisory-visual-tools-dvr-cve-2021-42071/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-10-07T16:15:14
Updated: 2021-10-15T13:05:35
Reserved: 2021-10-07T00:00:00
Link: CVE-2021-42071
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-10-07T17:15:08.453
Modified: 2021-10-15T16:11:36.727
Link: CVE-2021-42071
JSON object: View
Redhat Information
No data.
CWE