CVE-2021-42912
Published: 2021-12-16
Priority: P182 high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
ITW: VulnCheck KEV, exploited in the wild
EPSS: 13.80% (96.0th percentile)
FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fiberhome | aan5506-04-g2g_firmware | — | — |
| fiberhome | an5506-01-a_firmware | — | — |
| fiberhome | an5506-01-b_firmware | — | — |
| fiberhome | an5506-02-b_firmware | — | — |
| fiberhome | an5506-02-b_firmware | — | — |
| fiberhome | an5506-02-b_firmware | — | — |
| fiberhome | an5506-04-b_firmware | — | — |
| fiberhome | an5506-04-f_firmware | — | — |
CVSS provenance
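| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| vulncheck | — | 8.8 | HIGH | — |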
GHSA
GHSA-hcfv-5p8h-vvh5: FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability
ghsa_unreviewed·2021-12-17
CVE-2021-42912 [HIGH] CWE-78 GHSA-hcfv-5p8h-vvh5: FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability
VulnCheck
fiberhome an5506-01-a_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
vulncheck·2021·CVSS 8.8
CVE-2021-42912 [HIGH] fiberhome an5506-01-a_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Affected: fiberhome an5506-01-a_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-12-20&host_type=src&vulnerability=cve-2021-42912
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.