CVE-2021-42324

 

Severity Score

7.4
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell metacharacters in the capture command parameters. Command output will be shown on the Serial interface of the device. Exploitation requires both credentials and physical access.

*Credits: N/A
CVSS Scores
  • Attack Vector: Physical
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Local
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-10-12 CVE Reserved
  • 2022-04-05 CVE Published
  • 2023-12-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Dcnglobal
S4600-10p-si Firmware
>= r0241.0370 < r0241.0470
-
Affected
in Dcnglobal
S4600-10p-si
--
Safe