CVE-2021-25864
Published 2021-01-26
Priority: P179 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 9.33% (94.8th percentile)
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dgtl | huemagic | — | — |
Detection & IOCs (extracted from sources)
- Send a GET request with a URL-encoded directory traversal payload via the /hue/assets/ endpoint to attempt to read /etc/passwd. A successful exploit returns HTTP 200 with content matching 'root:.*:0:0:'.
- Shodan/FOFA/Google dorks can be used to identify exposed Node-RED instances that may be running the vulnerable huemagic plugin.
- The vulnerability exists in the res.sendFile API call within hue-magic.js; look for unsanitized file path parameters passed to this function in Node-RED huemagic 3.0.0.
- The traversal payload uses URL-encoded forward slashes (%2F) to bypass path sanitization; detection rules must account for both encoded and decoded variants of the traversal sequence.
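The last point above, as an added example (not code from huemagic, Node-RED or any source cited on this page): a Node.js check that normalises encoded, double-encoded and plain traversal sequences before testing whether a request under /hue/assets/ climbs out of the asset root. The function names, the combined log format and the sample log lines are assumptions constructed for illustration.

```javascript
// Added example (not huemagic or Node-RED code). Log lines below are constructed.
const ASSET_PREFIX = '/hue/assets/';
// Byte-wise percent-decoding, repeated a bounded number of times so that
// %2F, %2f and double-encoded %252F all collapse to '/'. Never throws.
function fullyDecode(path, maxRounds = 3) {
  let current = path;
  for (let i = 0; i < maxRounds; i++) {
    const next = current.replace(/%([0-9a-fA-F]{2})/g,
      (_, hex) => String.fromCharCode(parseInt(hex, 16)));
    if (next === current) break;
    current = next;
  }
  return current;
}

// True when the path under /hue/assets/ climbs above the asset root.
function isAssetTraversal(requestTarget) {
  const decoded = fullyDecode(requestTarget.split('?')[0]).replace(/\\/g, '/');
  const at = decoded.toLowerCase().indexOf(ASSET_PREFIX);
  if (at === -1) return false;
  let depth = 0;
  for (const seg of decoded.slice(at + ASSET_PREFIX.length).split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg !== '..') { depth++; continue; }
    if (--depth < 0) return true;
  }
  return false;
}

// Scan combined-format log lines; `served` marks HTTP 200 (a successful read).
function scanAccessLog(lines) {
  const hits = [];
  for (const line of lines) {
    const m = /^(\S+) .*?"[A-Z]+ (\S+) [^"]*" (\d{3})/.exec(line);
    if (m && isAssetTraversal(m[2])) {
      hits.push({ ip: m[1], target: m[2], served: m[3] === '200' });
    }
  }
  return hits;
}

const SAMPLE_LOG = [ // constructed sample input
  '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /hue/assets/..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1204',
  '203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "GET /hue/assets/%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 0',
  '198.51.100.4 - - [10/Jan/2024:10:00:03 +0000] "GET /hue/assets/..%252F..%252Fetc%252Fpasswd HTTP/1.1" 404 0',
  '192.0.2.10 - - [10/Jan/2024:10:00:04 +0000] "GET /hue/assets/img/logo.png HTTP/1.1" 200 5120',
  '192.0.2.10 - - [10/Jan/2024:10:00:05 +0000] "GET /hue/assets/img/../css/style.css HTTP/1.1" 200 880',
];
console.log(scanAccessLog(SAMPLE_LOG));
```

Entries with `served: true` are the ones to triage first, since a 200 response means the file was returned.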
CVSS provenance
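| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vulncheck | — | 7.5 | HIGH | — |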
GHSA
Path Traversal in node-red-contrib-huemagic
ghsa·2021-04-13
CVE-2021-25864 [HIGH] CWE-22 Path Traversal in node-red-contrib-huemagic
node-red-contrib-huemagic 3.0.0 is affected by `hue/assets/..%2F` Directory Traversal in the `res.sendFile` API, used in file hue-magic.js, to fetch an arbitrary file.
OSV
Path Traversal in node-red-contrib-huemagic
osv·2021-04-13
CVE-2021-25864 [HIGH] Path Traversal in node-red-contrib-huemagic
node-red-contrib-huemagic 3.0.0 is affected by `hue/assets/..%2F` Directory Traversal in the `res.sendFile` API, used in file hue-magic.js, to fetch an arbitrary file.
VulnCheck
dgtl huemagic Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2021·CVSS 7.5
CVE-2021-25864 [HIGH] dgtl huemagic Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.
Affected: dgtl huemagic
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-24&host_type=src&vulnerability=cve-2021-25864; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-07&host_type=src&vulnerability=cve-2021-25864; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability
No detection rules found.
Nuclei
Hue Magic 3.0.0 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2021-25864 [HIGH] Hue Magic 3.0.0 - Local File Inclusion
Hue Magic 3.0.0 is susceptible to local file inclusion via the res.sendFile API.
Template:
```yaml
id: CVE-2021-25864
info:
  name: Hue Magic 3.0.0 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: Hue Magic 3.0.0 is susceptible to local file inclusion via the res.sendFile API.
  impact: |
    The LFI vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information or allowing for further exploitation.
  remediation: |
    Apply the latest security patch or update to a non-vulnerable version of Hue Magic.
  reference:
    - https://github.com/Foddy/node-red-contrib-huemagic/issues/217
    - https://nvd.nist.gov/vuln/detail/CVE-2021-25864
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer
```
Nuclei
Apache Druid - Remote Code Execution
nuclei·CVSS 8.8
CVE-2021-25646 [HIGH] Apache Druid - Remote Code Execution
Apache Druid is susceptible to remote code execution because by default it lacks authorization and authentication. Attackers can send specially crafted requests to execute arbitrary code with the privileges of processes on the Druid server.
Template:
```yaml
id: CVE-2021-25646
info:
  name: Apache Druid - Remote Code Execution
  author: pikpikcu
  severity: high
  description: |
    Apache Druid is susceptible to remote code execution because by default it lacks authorization and authentication. Attackers can send specially crafted requests to execute arbitrary code with the privileges of processes on the Druid server.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
  remediation: |
    Apply t
```