1 results (0.002 seconds)
CVSS: 10.0EPSS: 97%CPEs: 1EXPL: 0
CVSS: 10.0EPSS: 97%CPEs: 1EXPL: 0CVE-2021-27561 – Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2021-27561
15 Oct 2021 — Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. Yealink Device Management (DM) 3.6.0.20 permite la inyección de comandos como root por medio del URI /sm/api/v1/firewall/zone/services, sin autenticación. Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution. • https://ssd-disclosure.com/?p=4688 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •