CVE-2021-43339 – Ericsson Network Location MPS GMPC21 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2021-43339
In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be created. En Ericsson Network Location antes del 2021-07-31, es posible que un atacante autenticado inyecte comandos a través de file_name en la funcionalidad de exportación. Por ejemplo, se podría crear un nuevo usuario administrador. • https://www.exploit-db.com/exploits/50468 https://pentest.com.tr/blog/RCE-via-Meow-Variant-along-with-an-Example-0day-PacketHackingVillage-Defcon29.html https://www.exploit-db.com/exploits/50469 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •