CVE-2021-45420 - Exposure of Resource to Wrong Sphere vulnerability in Emerson Dixell Xweb-500 Firmware

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
network, low complexity, emerson, CWE-668, critical

Summary

Emerson Dixell XWEB-500 products are affected by an arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker can write any file on the target system without any kind of authentication, which can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced.

Vulnerable Configurations

Part        Description    Count
OS          Emerson        1
Hardware    Emerson        1

Common Weakness Enumeration (CWE)