CVE-2021-26471

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/06/2021
Last modified:
22/04/2022

Description

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:vembu:bdr_suite:*:*:*:*:*:*:*:* 4.2.0.1 (excluding)
cpe:2.3:a:vembu:offsite_dr:*:*:*:*:*:*:*:* 4.2.0.1 (excluding)