CVE-2021-42912
published 2021-12-16


Priority: P182 high
CVSS 3.1: 8.8 (AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H)
ITW: VulnCheck KEV (Exploited in the wild)
EPSS: 13.80% (96.0th percentile)
FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon.

Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fiberhome | aan5506-04-g2g_firmware | | |
| fiberhome | an5506-01-a_firmware | | |
| fiberhome | an5506-01-b_firmware | | |
| fiberhome | an5506-02-b_firmware | | |
| fiberhome | an5506-02-b_firmware | | |
| fiberhome | an5506-02-b_firmware | | |
| fiberhome | an5506-04-b_firmware | | |
| fiberhome | an5506-04-f_firmware | | |

CVSS provenance

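| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| vulncheck | | 8.8 | HIGH | |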