Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-45420
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Emerson Xweb-500 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Emerson Xweb-500是美国Emerson公司的一个基于 Web 服务器技术的数据记录和远程监控系统。 Emerson Xweb-500 存在安全漏洞,该漏洞源于Emerson Dixell XWEB-500产品受到/cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, 和 /cgi-bin/lo_utils.cgi 任意文件写入漏洞的影响。攻击者可利用该漏洞在没有任何身份验证机制的情况下向目标系统写入任何文件,这可能导致拒绝服务和可能的远程
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-n/a n/a -
II. Public POCs for CVE-2021-45420
#POC DescriptionSource LinkShenlong Link
1Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerabilities in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note that this product has not been supported since 2018 and should be removed or replaced.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/dixell-xweb500-filewrite.yamlPOC Details
2Emerson Dixell XWEB-500 contains an arbitrary file write caused by unauthenticated access to /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi, letting attackers write any file on the system, exploit requires no authentication. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-45420.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-45420
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: n/a
Same vendor: n/a
V. Comments for CVE-2021-45420

No comments yet

Leave a comment