CVE-2021-45420
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
Emerson Dixell XWEB-500 products are affected by an arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker can write any file on the target system without any kind of authentication mechanism, which can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced.
SSVC
- Decision:-
Timeline
- 2021-12-20 CVE Reserved
- 2022-02-14 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-09-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-306: Missing Authentication for Critical Function
- CWE-668: Exposure of Resource to Wrong Sphere
References (3)
URL | Tag | Source |
---|---|---|
http://dixell.com | Product |
URL | Date | SRC |
---|---|---|
https://www.swascan.com/emerson | 2024-08-04 |
http://emerson.com | 2024-05-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Emerson | Dixell Xweb-500 Firmware | - | - | Affected |
in Emerson | Dixell Xweb-500 | - | - | Safe |