CVE-2021-42912: Command Injection
First published: Thu Dec 16 2021(Updated: )
FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Fiberhome An5506-01-a | =rp0509 | |
| Fiberhome An5506-01-a Firmware | ||
| All of | ||
| Fiberhome An5506-01-b | =rp2610 | |
| Fiberhome An5506-01-b Firmware | ||
| All of | ||
| Any of | ||
| FiberHome AN5506-02-B | =rp2520 | |
| FiberHome AN5506-02-B | =rp2521 | |
| FiberHome AN5506-02-B | =rp2603 | |
| FiberHome AN5506-02-B | ||
| All of | ||
| Fiberhome AN5506-04-B Firmware | =rp2510 | |
| Fiberhome AN5506-04-B Firmware | ||
| All of | ||
| Fiberhome AN5506-04-F | =rp2617 | |
| Fiberhome AN5506-04-F | ||
| All of | ||
| Fiberhome AN5506-04-G2G | =rp2560 | |
| Fiberhome AN5506-04-G2G | ||
| Fiberhome An5506-01-a | =rp0509 | |
| Fiberhome An5506-01-a Firmware | ||
| Fiberhome An5506-01-b | =rp2610 | |
| Fiberhome An5506-01-b Firmware | ||
| FiberHome AN5506-02-B | =rp2520 | |
| FiberHome AN5506-02-B | =rp2521 | |
| FiberHome AN5506-02-B | =rp2603 | |
| FiberHome AN5506-02-B | ||
| Fiberhome AN5506-04-B Firmware | =rp2510 | |
| Fiberhome AN5506-04-B Firmware | ||
| Fiberhome AN5506-04-F | =rp2617 | |
| Fiberhome AN5506-04-F | ||
| Fiberhome AN5506-04-G2G | =rp2560 | |
| Fiberhome AN5506-04-G2G |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-42912.
What is the severity of CVE-2021-42912?
The severity of CVE-2021-42912 is critical with a severity value of 8.8.
How does CVE-2021-42912 affect the FiberHome ONU GPON AN5506-04-F RP2617?
CVE-2021-42912 affects the FiberHome ONU GPON AN5506-04-F RP2617 by allowing the attacker to send OS commands to the operating system as the root user.
How can the attacker exploit CVE-2021-42912?
The attacker can exploit CVE-2021-42912 by logging in and using the ping diagnostic tool to bypass the IP address field and concatenate OS commands.
Are there any known fixes or patches for CVE-2021-42912?
There are currently no known fixes or patches for CVE-2021-42912. It is recommended to contact the vendor for further information.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/first-publish-date
- agent/description
- agent/last-modified-date
- agent/author
- agent/event
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- vendor/fiberhome
- canonical/fiberhome an5506-01-a
- version/fiberhome an5506-01-a/rp0509
- canonical/fiberhome an5506-01-a firmware
- canonical/fiberhome an5506-01-b
- version/fiberhome an5506-01-b/rp2610
- canonical/fiberhome an5506-01-b firmware
- canonical/fiberhome an5506-02-b
- version/fiberhome an5506-02-b/rp2520
- version/fiberhome an5506-02-b/rp2521
- version/fiberhome an5506-02-b/rp2603
- canonical/fiberhome an5506-04-b firmware
- version/fiberhome an5506-04-b firmware/rp2510
- canonical/fiberhome an5506-04-f
- version/fiberhome an5506-04-f/rp2617
- canonical/fiberhome an5506-04-g2g
- version/fiberhome an5506-04-g2g/rp2560