cbcvebase.
CVE-2021-45466
published 2022-12-26

CVE-2021-45466: In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an…

PriorityP268critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
55.34%
98.9th percentile
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder.

Affected

1 ranges
VendorProductVersion rangeFixed in
control-webpanelwebpanel< 0.9.8.11070.9.8.1107

Detection & IOCsextracted from sources · hover to see the quote

urlapi/?api=add_server&DHCP=
path/resources/authorized_keys
ip206.189.170.136
ip185.117.73.208
ip157.230.62.113
ip180.183.132.35
  • Monitor for crafted HTTP requests targeting the CWP API endpoint api/?api=add_server&DHCP= which attempts to write an authorized_keys file into the /resources/ directory.
  • Monitor for access from known malicious IPs (206.189.170.136, 185.117.73.208, 157.230.62.113, 180.183.132.35) associated with exploitation attempts of CWP vulnerabilities including CVE-2021-45466.
  • CVE-2021-45466 is chained with CVE-2021-45467 to achieve pre-authenticated remote code execution; detection should account for both vulnerabilities being exploited together.
  • ·The vulnerability affects CWP versions before 0.9.8.1107; ensure version detection covers this specific boundary when scanning for vulnerable instances.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.