CVE-2021-4470
published 2025-11-14
CVE-2021-4470: TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd.php endpoint. The syscmd POST parameter is passed directly to a…
Priority P275 · critical · 9.3 · CVSS 4.0
EPSS
0.92%
55.8th percentile
TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd.php endpoint. The syscmd POST parameter is passed directly to a system command without validation and executed with root privileges. A remote, unauthenticated attacker can supply crafted values to execute arbitrary operating system commands as root, resulting in full device compromise.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | microsoft_exchange_server_2013_cumulative_update_23 | — | — |
| msrc | microsoft_exchange_server_2016_cumulative_update_19 | — | — |
| msrc | microsoft_exchange_server_2016_cumulative_update_20 | — | — |
| msrc | microsoft_exchange_server_2019_cumulative_update_8 | — | — |
| msrc | microsoft_exchange_server_2019_cumulative_update_9 | — | — |
| tg8 | tg8_firewall | — | — |
CVSS provenance
nvd · v4.0 · 9.3 · CRITICAL · CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_msrc · 9.8 · CRITICAL
GHSA
GHSA-vqv4-pwx4-w694: TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd
ghsa_unreviewed·2025-11-15
CVE-2021-4470 [CRITICAL] CWE-78 GHSA-vqv4-pwx4-w694: TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd
TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd.php endpoint. The syscmd POST parameter is passed directly to a system command without validation and executed with root privileges. A remote, unauthenticated attacker can supply crafted values to execute arbitrary operating system commands as root, resulting in full device compromise.
Microsoft
Microsoft Exchange Server Elevation of Privilege Vulnerability
vendor_msrc·2021-07-13·CVSS 9.0
CVE-2021-34523 [CRITICAL] Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server: Microsoft Exchange Server
Microsoft: Microsoft
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
Reference: http://www.microsoft.com/download/details.aspx?familyid=f827ff3b-194c-4470-aa8f-6cedc0d95d07
Reference: https://support.microsoft.com/help/5001779
Reference: http://www.microsoft.com/download/details.aspx?familyid=5aa2aaf7-860d-4977-acd4-82096c83c5f0
Reference: http://www.microsoft.com/download/details.aspx?familyid=b13f23a9-5603-4b13-8e16-6d35b5b33524
Reference: http://www.microsoft.com/download/details.aspx?familyid=52da6d67-e0c4-4af0-a133-1e47217b6
Microsoft
Microsoft Exchange Server Remote Code Execution Vulnerability
vendor_msrc·2021-07-13·CVSS 9.1
CVE-2021-34473 [CRITICAL] Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server: Microsoft Exchange Server
Microsoft: Microsoft
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
Reference: http://www.microsoft.com/download/details.aspx?familyid=f827ff3b-194c-4470-aa8f-6cedc0d95d07
Reference: https://support.microsoft.com/help/5001779
Reference: http://www.microsoft.com/download/details.aspx?familyid=5aa2aaf7-860d-4977-acd4-82096c83c5f0
Reference: http://www.microsoft.com/download/details.aspx?familyid=b13f23a9-5603-4b13-8e16-6d35b5b33524
Reference: http://www.microsoft.com/download/details.aspx?familyid=52da6d67-e0c4-4af0-a133-1e47217b630
Microsoft
Microsoft Exchange Server Remote Code Execution Vulnerability
vendor_msrc·2021-04-13·CVSS 9.8
CVE-2021-28480 [CRITICAL] Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
FAQ: Where can I find more information about protecting myself from this vulnerability?
Please see the MSRC Blog Post April 2021 Update Tuesday packages now available for more information.
Microsoft Exchange Server: Microsoft Exchange Server
Microsoft: Microsoft
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
Reference: http://www.microsoft.com/download/details.aspx?familyid=f827ff3b-194c-4470-aa8f-6cedc0d95d07
Reference: https://support.microsoft.com/help/5001779
Reference: http://www.microsoft.com/download/details.aspx?familyid=52da6d67-e0c4-4af0-a133-1e47217b6309
Reference: http://
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://ssd-disclosure.com/ssd-advisory-tg8-firewall-preauth-rce-and-password-disclosure/
https://web.archive.org/web/20211024224240/http://www.tg8security.com/
https://www.vulncheck.com/advisories/tg8-firewall-unauthenticated-rce-via-runphpcmd-php
2025-11-14
Published