CVE-2021-35402
published 2026-02-20CVE-2021-35402: PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for…
PriorityP184critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.95%
56.9th percentile
PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for satellite_status).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| prolink | prc2402m | >= 20190909 < 2021-06-13 | 2021-06-13 |
CVSS provenance
nvdv3.110.0CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
vulncheck10.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-68g8-2724-hq79: PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api
ghsa_unreviewed·2026-02-20
CVE-2021-35402 [CRITICAL] CWE-78 GHSA-68g8-2724-hq79: PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api
PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for satellite_status).
VulnCheck
Prolink PRC2402M 'satellist_list' Command Injection Vulnerability
vulncheck·2021·CVSS 10.0
CVE-2021-35402 [CRITICAL] Prolink PRC2402M 'satellist_list' Command Injection Vulnerability
Prolink PRC2402M 'satellist_list' Command Injection Vulnerability
A vulnerability is present in Prolink PRC2402M that could allow unauthenticated remote adversaries to inject commands due to improper checks on input supplied to 'live_api.cgi'.
Affected: Prolink PRC2402M
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://api.vulncheck.com/v3/index/sans-dshield?cve=CVE-2021-35402
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-02-20
Published
Exploited in the wild