CVE-2021-4242

moderate-risk

Published 2022-11-30

A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical. Affected by this issue is some unknown functionality of the file ip/syscmd.htm. The manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214592.

Do I need to act?

10.5% chance of exploitation in next 30 days

EPSS score — higher than 90% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.3/10 Medium

NETWORK / LOW complexity

Affected Products (4)

Br270N Firmware

Brc76N Firmware

Gr297N Firmware

Rb-1732 Firmware

Affected Vendors

Sapido

References (6)

Exploit https://blog.csdn.net/qq_44159028/article/details/114590267

Exploit https://github.com/smallpiggy/Sapido--rce/blob/main/Sapido%E8%B7%AF%E7%94%B1%E5%...

Third Party Advisory https://vuldb.com/?id.214592

Exploit https://blog.csdn.net/qq_44159028/article/details/114590267

Exploit https://github.com/smallpiggy/Sapido--rce/blob/main/Sapido%E8%B7%AF%E7%94%B1%E5%...

Third Party Advisory https://vuldb.com/?id.214592

/ 100

moderate-risk

Severity 23/34 · High

Exploitability 11/34 · Low

Exposure 10/34 · Low