CVE-2021-46704
Published 2022-03-06
Priority P181 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 21.90% (97.3th percentile)
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| genieacs | genieacs | >= 0 < 1.2.8 | 1.2.8 |
| genieacs | genieacs | >= 1.2.0 < 1.2.8 | 1.2.8 |
Detection & IOCs
yara
regex: uid=([0-9]+)
- Exploit requests target the unauthenticated GET endpoint /api/ping/ with OS command injection via the host argument (e.g., ;`id`). Detect GET requests to /api/ping/ containing shell metacharacters (`;`, backticks, `|`, `$()`).
- Successful exploitation returns HTTP 500 with a plain-text body containing uid=<number>(<username>) output from the injected `id` command. Alert on HTTP 500 responses from /api/ping/ with body matching uid=\d+.
- Response Content-Type header is text/plain on exploitation. Combine with the /api/ping/ path and 500 status for high-fidelity detection.
- Identify exposed GenieACS UI instances via Shodan favicon hash -2098066288 or HTML keyword 'genieacs' for asset discovery and pre-emptive patching.
- The vulnerable code paths are lib/ui/api.ts and lib/ping.ts. Audit or monitor file integrity on these paths in GenieACS deployments.
- The vulnerability is unauthenticated: no session or credentials are required to reach /api/ping/, making it exploitable by any network-accessible attacker. Ensure the GenieACS UI port is not exposed to untrusted networks.
- Affected versions are GenieACS 1.2.x before 1.2.8 only. Versions >= 1.2.8 are patched per the referenced commit and release tag.
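The request-side and response-side indicators listed above, combined into one log triage function. This is an added example, not code from GenieACS or from the sources quoted on this page; the record field names and the sample records are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

PING_PREFIX = "/api/ping/"
SHELL_META = re.compile(r"[;`|]|\$\(")   # metacharacters listed above
ID_OUTPUT = re.compile(r"uid=\d+")        # output of the `id` probe

def ping_host_argument(url):
    """Percent-decoded host argument of a /api/ping/ request, or None for other paths."""
    path = urlsplit(url).path
    if not path.startswith(PING_PREFIX):
        return None
    return unquote(path[len(PING_PREFIX):])

def classify(event):
    """Return 'exploited', 'attempt' or None for one request/response record."""
    if event["method"] != "GET":
        return None
    host = ping_host_argument(event["url"])
    if host is None:
        return None
    # Response-side indicator: 500 + text/plain + uid=<n> in the body.
    if (event["status"] == 500
            and event["content_type"].lower().startswith("text/plain")
            and ID_OUTPUT.search(event["body"])):
        return "exploited"
    # Request-side indicator: decoded host argument carries shell metacharacters.
    if SHELL_META.search(host):
        return "attempt"
    return None

# Constructed sample records (field names are assumptions, not a GenieACS log format).
EVENTS = [
    {"method": "GET", "url": "/api/ping/192.0.2.10", "status": 200,
     "content_type": "application/json", "body": "{}"},
    {"method": "GET", "url": "/api/ping/%3B%60id%60", "status": 500,
     "content_type": "text/plain", "body": "uid=1000(genieacs) gid=1000(genieacs)"},
    {"method": "GET", "url": "/api/ping/192.0.2.10$(id)", "status": 403,
     "content_type": "application/json", "body": "{}"},
    {"method": "GET", "url": "/api/devices/?filter=a|b", "status": 200,
     "content_type": "application/json", "body": "[]"},
]

def triage(events):
    """Verdict per record, in input order."""
    return [classify(e) for e in events]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, triage(EVENTS)):
        print(verdict, event["url"])
```

The host argument is percent-decoded before matching, so encoded metacharacters such as `%3B` are caught as well as literal ones. The response-side check only recognises `id` output, which is why the request-side check is kept as a separate, broader signal.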
CVSS provenance
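| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |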
OSV
OS Command Injection in GenieACS
osv·2022-03-07
CVE-2021-46704 [CRITICAL] OS Command Injection in GenieACS
GHSA
OS Command Injection in GenieACS
ghsa·2022-03-07
CVE-2021-46704 [CRITICAL] CWE-78 OS Command Injection in GenieACS
No detection rules found.
Nuclei
GenieACS => 1.2.8 - OS Command Injection
nuclei·CVSS 9.8
CVE-2021-46704 [CRITICAL] GenieACS => 1.2.8 - OS Command Injection
Template:
```yaml
id: CVE-2021-46704
info:
  name: GenieACS => 1.2.8 - OS Command Injection
  author: DhiyaneshDK
  severity: critical
  description: |
    In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.
  impact: |
    Successful exploitation of this vulnerability could allow an atta
```
2022-03-06
Published