CVE-2021-36380
Sunhillo SureLine OS Command Injection Vulnerablity
CVSS
—
No CVSS
EPSS
97.6%
p100
KEV
YES
Mar 5, 2024
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Sunhillo / SureLine
Vulnerability
Sunhillo SureLine OS Command Injection Vulnerablity
Added to KEV
Mar 5, 2024
Remediate by
Mar 26, 2024
Known ransomware use
No
Summary description
Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service or utilize the device for persistence on the network via shell metacharacters in ipAddr or dnsAddr in /cgi/networkDiag.cgi.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://www.sunhillo.com/fb011/; https://nvd.nist.gov/vuln/detail/CVE-2021-36380
No related CVEs by CWE or product.