CVE-2021-42324
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell metacharacters in the capture command parameters. Command output will be shown on the Serial interface of the device. Exploitation requires both credentials and physical access.
SSVC
- Decision: -
Timeline
- 2021-10-12 CVE Reserved
- 2022-04-05 CVE Published
- 2023-12-08 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
References (2)
URL | Tag | Source |
---|---|---|
https://www.dcneurope.eu/products/switches/s4600-10p-si | Broken Link |
URL | Date | SRC |
---|---|---|
https://exatel.pl/cve-2021-42324-metacharacter-injection-w-przelacznikach-dcn-s4600-10p-si | 2024-08-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Dcnglobal | S4600-10p-si Firmware | >= r0241.0370 < r0241.0470 | - | Affected |
in Dcnglobal | S4600-10p-si | - | - | Safe |