CVE-2021-40378

high-risk

Published 2021-09-01

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killps.cgi deletes all data from the device.

Do I need to act?

40.6% chance of exploitation in next 30 days

EPSS score — higher than 59% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

50250

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / LOW complexity

Affected Products (4)

Ip70 Firmware

Ip570 Firmware

Ip60 Firmware

Tn540 Firmware

Affected Vendors

Comprotech

References (4)

Exploit http://packetstormsecurity.com/files/164024/Compro-Technology-IP-Camera-Denial-O...

Broken Link https://github.com/icekam/0day/blob/main/Compro-Technology-Camera-has-multiple-v...

Exploit http://packetstormsecurity.com/files/164024/Compro-Technology-IP-Camera-Denial-O...

Broken Link https://github.com/icekam/0day/blob/main/Compro-Technology-Camera-has-multiple-v...

/ 100

high-risk

Severity 28/34 · Critical

Exploitability 17/34 · Moderate

Exposure 10/34 · Low