CVE-2021-27573
Published 2021-05-07
Priority P275 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 14.19% (96.1th percentile)
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote unauthenticated users can execute arbitrary code via crafted UDP packets with no prior authorization or authentication.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| remotemouse | emote_remote_mouse | <= 4.0.0.0 | — |
Detection & IOCs (extracted from sources)
path: find_prefs.lua.css
- Detect path-traversal authentication bypass attempts against ntopng: look for HTTP GET requests to /lua/ containing long sequences of URL-encoded dot-slash (%2e%2f or .%2f) traversal sequences terminating in find_prefs.lua.css
- A successful exploitation response returns HTTP 200 with a Content-Type header containing 'application/json' and a body containing all three of: '"results":', '"name":', '"tab":'
- The template metadata references CVE-2021-28073 (ntopng authentication bypass) but the NVD source URL and CVE field in the query are for CVE-2021-27573 (Emote Remote Mouse RCE via UDP). These are two distinct vulnerabilities; the Nuclei template and its IOCs apply to ntopng (CVE-2021-28073), not to Emote Remote Mouse (CVE-2021-27573).
- The ntopng path-traversal bypass affects ntopng <= 4.2 only; versions 4.3 and later are not vulnerable.
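CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |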
No detection rules found.
Nuclei
CVE-2021-28073 [CRITICAL] Ntopng Authentication Bypass
nuclei · CVSS 9.8
Ntopng, a passive network monitoring tool, contains an authentication bypass vulnerability in ntopng <= 4.2
Template:
```yaml
id: CVE-2021-28073

info:
  name: Ntopng Authentication Bypass
  author: z3bd
  severity: critical
  description: Ntopng, a passive network monitoring tool, contains an authentication bypass vulnerability in ntopng <= 4.2
  impact: |
    Successful exploitation of this vulnerability could result in unauthorized access to sensitive information and potential compromise of the affected system.
  remediation: Upgrade to version 4.3 or later.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-27573
    - http://noahblog.360.cn/ntopng-multiple-vulnerabilities/
    - https://github.com/AndreaOm/docs/blob/c27d2db8dbedb35c9e69109898aaecd0f849186a/wikipoc/PeiQi_Wiki/%E6%9
```
No writeups or analysis indexed.
Published: 2021-05-07