CVE-2021-3355

Related Files

Geutebruck Remote Command Execution

Posted Sep 2, 2021

Authored by Titouan Lazard, Sebastien Charbonnier, Ibrahim Ayadhi | Site metasploit.com

This Metasploit module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions 1.12.0.27 and below as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user.

tags | exploit, remote, web, arbitrary, cgi, root, vulnerability, code execution

advisories | CVE-2021-33543, CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554

SHA-256 | cf7ad8dd0a73829d3346e2425a6d3d0e8426e0d758005a97a9748eb069e34e22

Download | Favorite | View

LightCMS 1.3.4 Cross Site Scripting

Posted Feb 26, 2021

Authored by Peithon

LightCMS version 1.3.4 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss

advisories | CVE-2021-3355

SHA-256 | 489d6c40243ba53c59b2924a4df63135bfe4159984831d388fdfb908bf301091

Download | Favorite | View