Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment.
References
Link | Resource |
---|---|
https://github.com/MucahitSaratar/endian_firewall_authenticated_rce | Exploit Third Party Advisory |
https://www.endian.com/company/news/endian-community-releases-new-version-332-148/ | Release Notes Vendor Advisory |
https://sourceforge.net/projects/efw/files/Development/EFW-3.3.2/ | Release Notes Third Party Advisory |
Configurations
Information
Published : 2021-02-15 11:15
Updated : 2022-07-12 10:42
NVD link : CVE-2021-27201
Mitre link : CVE-2021-27201
JSON object : View
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Products Affected
endian
- firewall_community