CVE-2021-26471 - Unspecified vulnerability in Vembu BDR Suite and Offsite DR
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH
Summary
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the HTTP API located at /sgwebservice_o.php accepts a command argument. Using this command argument, an unauthenticated attacker can execute arbitrary shell commands.
Vulnerable Configurations
References
- https://csirt.divd.nl/2021/05/11/Vembu-zero-days/
- https://csirt.divd.nl/cases/DIVD-2020-00011/
- https://csirt.divd.nl/cves/CVE-2021-26471/
- https://www.wbsec.nl/vembu