CVE-2021-42912
moderate-risk
Published 2021-12-16
FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon.
Do I need to act?
-
0.10% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (8)
An5506-01-A Firmware
An5506-01-B Firmware
An5506-02-B Firmware
An5506-02-B Firmware
An5506-02-B Firmware
An5506-04-B Firmware
An5506-04-F Firmware
Aan5506-04-G2G Firmware
Affected Vendors
References (6)
Broken Link
http://fiberhome.com
Not Applicable
http://onu.com
Broken Link
http://fiberhome.com
Not Applicable
http://onu.com
44
/ 100
moderate-risk
Severity
30/34 · Critical
Exploitability
0/34 · Minimal
Exposure
14/34 · Moderate