Vulnerabilities > CVE-2021-38703 - Unspecified vulnerability in KPN Experia Wifi Firmware 1.00.15

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

kpn

NVD

Published: 2021-09-01

Updated: 2024-11-21

Summary

Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execution. This can be exploited in conjunction with CVE-2021-20090.

Vulnerable Configurations

Part	Description	Count
OS	Kpn KPN Experia Wifi Firmware 1.00.15	1
Hardware	Kpn KPN Experia Wifi -	1

References

https://7bits.nl/journal/posts/cve-2021-38703-kpn-experia-wifi-root-shell/
https://7bits.nl/journal/posts/cve-2021-38703-kpn-experia-wifi-root-shell/
https://www.kpnwebshop.com/modems-routers/producten/experia-wifi/2
https://www.kpnwebshop.com/modems-routers/producten/experia-wifi/2