CVE-2021-36380 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Sunhillo SureLine OS Command Injection Vulnerablity

Exploit added

March 5, 2024

Action due

March 26, 2024

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi.

CWE-ID	CWE Name
CWE-78	Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

Source:
NVD

Published:
August 13, 2021

Updated:
July 3, 2024

Base score:
9.8

Severity:

CRITICAL

Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base score:
10

Severity:

HIGH

Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C