CVE-2021-46704
published 2022-03-06

Priority: P181 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 21.90% (97.3th percentile)

In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.

Affected

2 ranges

Vendor | Product | Version range | Fixed in
genieacs | genieacs | >= 0 < 1.2.8 | 1.2.8
genieacs | genieacs | >= 1.2.0 < 1.2.8 | 1.2.8

Detection & IOCs (extracted from sources)

url: /api/ping/;`id`
path: /api/ping/
yara: regex: uid=([0-9]+)
  • Exploit requests target the unauthenticated GET endpoint /api/ping/ with OS command injection via the host argument (e.g., ;`id`). Detect GET requests to /api/ping/ containing shell metacharacters (`;`, backticks, `|`, `$()`).
  • Successful exploitation returns HTTP 500 with a plain-text body containing uid=<number>(<username>) output from the injected `id` command. Alert on HTTP 500 responses from /api/ping/ with body matching uid=\d+.
  • Response Content-Type header is text/plain on exploitation. Combine with the /api/ping/ path and 500 status for high-fidelity detection.
  • Identify exposed GenieACS UI instances via Shodan favicon hash -2098066288 or HTML keyword 'genieacs' for asset discovery and pre-emptive patching.
  • The vulnerable code paths are lib/ui/api.ts and lib/ping.ts. Audit or monitor file integrity on these paths in GenieACS deployments.
  • The vulnerability is unauthenticated: no session or credentials are required to reach /api/ping/, making it exploitable by any network-accessible attacker. Ensure the GenieACS UI port is not exposed to untrusted networks.
  • Affected versions are GenieACS 1.2.x before 1.2.8 only. Versions >= 1.2.8 are patched per the referenced commit and release tag.
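
The request and response signals listed above, combined into one triage check. This is an added example, not code from GenieACS or from this page's sources; the event record fields (`method`, `path`, `status`, `content_type`, `body`) and the sample events are constructed assumptions to adapt to your proxy or WAF logs.

```python
import re
from urllib.parse import unquote

PING_PREFIX = "/api/ping/"
# Shell metacharacters named in the detection notes: ; ` | $(
SHELL_META = re.compile(r"[;`|]|\$\(")
# Output of the injected `id` command, per the page's regex.
ID_OUTPUT = re.compile(r"uid=[0-9]+")


def classify(event):
    """Return 'exploited', 'attempt' or None for one HTTP transaction."""
    if event.get("method") != "GET":
        return None
    # Decode once so percent-encoded metacharacters are not missed.
    path = unquote(event.get("path", ""))
    if not path.startswith(PING_PREFIX):
        return None
    host_arg = path[len(PING_PREFIX):]
    if not SHELL_META.search(host_arg):
        return None
    # High-fidelity case: 500 + text/plain + id output in the body.
    if (event.get("status") == 500
            and event.get("content_type", "").startswith("text/plain")
            and ID_OUTPUT.search(event.get("body", ""))):
        return "exploited"
    return "attempt"


def scan(events):
    """Return (index, verdict) for every event that is not benign."""
    hits = [(i, classify(e)) for i, e in enumerate(events)]
    return [(i, v) for i, v in hits if v is not None]


# Constructed sample events (not real traffic).
EVENTS = [
    {"method": "GET", "path": "/api/ping/192.0.2.10", "status": 200,
     "content_type": "application/json", "body": "{}"},
    {"method": "GET", "path": "/api/ping/;`id`", "status": 500,
     "content_type": "text/plain; charset=utf-8",
     "body": "uid=1000(genieacs) gid=1000(genieacs)"},
    {"method": "GET", "path": "/api/ping/%3B%60id%60", "status": 404,
     "content_type": "text/html", "body": ""},
    {"method": "GET", "path": "/api/devices/", "status": 500,
     "content_type": "text/plain", "body": "uid=0"},
]

if __name__ == "__main__":
    for index, verdict in scan(EVENTS):
        print(index, verdict, EVENTS[index]["path"])
```

An "attempt" verdict still warrants review on hosts running a version before 1.2.8, since the response body may simply not have been captured.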

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P