Details of VAR-202112-1760

ID

VAR-202112-1760

CVE

CVE-2021-42912

TITLE

FiberHome ONU GPON AN5506-04-F In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-016400

DESCRIPTION

FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon. (DoS) It may be in a state. Fiberhome FiberHome ONU GPON is a router from Fiberhome in China

Trust: 2.16

sources: NVD: CVE-2021-42912 // JVNDB: JVNDB-2021-016400 // CNVD: CNVD-2022-08928

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-08928

AFFECTED PRODUCTS

vendor:	fiberhome	model:	an5506-01-a	scope:	eq	version:	rp0509	Trust: 1.0
vendor:	fiberhome	model:	aan5506-04-g2g	scope:	eq	version:	rp2560	Trust: 1.0
vendor:	fiberhome	model:	an5506-02-b	scope:	eq	version:	rp2603	Trust: 1.0
vendor:	fiberhome	model:	an5506-01-b	scope:	eq	version:	rp2610	Trust: 1.0
vendor:	fiberhome	model:	an5506-04-f	scope:	eq	version:	rp2617	Trust: 1.0
vendor:	fiberhome	model:	an5506-02-b	scope:	eq	version:	rp2521	Trust: 1.0
vendor:	fiberhome	model:	an5506-02-b	scope:	eq	version:	rp2520	Trust: 1.0
vendor:	fiberhome	model:	an5506-04-b	scope:	eq	version:	rp2510	Trust: 1.0
vendor:	fiberhome group	model:	an5506-01-b	scope:	-	version:	-	Trust: 0.8
vendor:	fiberhome group	model:	an5506-04-b	scope:	-	version:	-	Trust: 0.8
vendor:	fiberhome group	model:	an5506-04-f	scope:	-	version:	-	Trust: 0.8
vendor:	fiberhome group	model:	an5506-01-a	scope:	-	version:	-	Trust: 0.8
vendor:	fiberhome group	model:	aan5506-04-g2g	scope:	-	version:	-	Trust: 0.8
vendor:	fiberhome group	model:	an5506-02-b	scope:	-	version:	-	Trust: 0.8
vendor:	fiberhome	model:	onu gpon an5506-04-f rp2617	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-08928 // JVNDB: JVNDB-2021-016400 // NVD: CVE-2021-42912

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-42912
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-42912
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-08928
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202112-1407
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-42912
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2022-08928
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-42912
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-42912
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-08928 // JVNDB: JVNDB-2021-016400 // CNNVD: CNNVD-202112-1407 // NVD: CVE-2021-42912

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-016400 // NVD: CVE-2021-42912

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-1407

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-1407

PATCH

title:

Top Page

url:

https://www.fiberhome.com/

Trust: 0.8

sources: JVNDB: JVNDB-2021-016400

EXTERNAL IDS

db:	NVD	id:	CVE-2021-42912	Trust: 3.8
db:	JVNDB	id:	JVNDB-2021-016400	Trust: 0.8
db:	CNVD	id:	CNVD-2022-08928	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-1407	Trust: 0.6

sources: CNVD: CNVD-2022-08928 // JVNDB: JVNDB-2021-016400 // CNNVD: CNNVD-202112-1407 // NVD: CVE-2021-42912

REFERENCES

url:	http://fiberhome.com	Trust: 1.6
url:	http://onu.com	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-42912	Trust: 1.4
url:	https://medium.com/@windsormoreira/fiberhome-an5506-os-command-injection-cve-2021-42912-10b64fd10ce2	Trust: 1.4
url:	https://medium.com/%40windsormoreira/fiberhome-an5506-os-command-injection-cve-2021-42912-10b64fd10ce2	Trust: 1.0

sources: JVNDB: JVNDB-2021-016400 // CNNVD: CNNVD-202112-1407 // NVD: CVE-2021-42912

SOURCES

db:	CNVD	id:	CNVD-2022-08928
db:	JVNDB	id:	JVNDB-2021-016400
db:	CNNVD	id:	CNNVD-202112-1407
db:	NVD	id:	CVE-2021-42912

LAST UPDATE DATE

2024-11-23T22:57:50.674000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-08928	date:	2022-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-016400	date:	2022-12-14T05:08:00
db:	CNNVD	id:	CNNVD-202112-1407	date:	2021-12-23T00:00:00
db:	NVD	id:	CVE-2021-42912	date:	2024-11-21T06:28:17.887

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-08928	date:	2022-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-016400	date:	2022-12-14T00:00:00
db:	CNNVD	id:	CNNVD-202112-1407	date:	2021-12-16T00:00:00
db:	NVD	id:	CVE-2021-42912	date:	2021-12-16T17:15:07.980