I. CVE-2021-47827 Basic Information
Vulnerability Information
# WebSSH 14.16.10 Denial of Service Vulnerability

N/A
                                        
Shenlong's Assessment

Web-class vulnerability: Unknown

Rationale:

N/A
Vulnerability Title
WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Description
WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input field, causing the application to crash.
Source: U.S. National Vulnerability Database (NVD)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Type
N/A
Source: U.S. National Vulnerability Database (NVD)
II. Public PoCs for CVE-2021-47827
# | PoC Description | Source Link | Shenlong Link
III. Intelligence on CVE-2021-47827
  • Title: WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC) - iOS dos Exploit -- 🔗 Source link

    Tags: exploit

    Shenlong quick summary:
    - **Title**: WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC)
    - **EDB-ID**: 49883
    - **CVE**: N/A
    - **Author**: LUIS MARTÍNEZ
    - **Type**: DoS
    - **Platform**: iOS
    - **Date**: 2021-05-19
    - **Vulnerable app**: None
    - **Vulnerability details**:
        - **Tested version**: 14.16.10
        - **Vulnerability type**: Local denial of service (DoS)
        - **Tested on**: iPhone 7 iOS 14.5.1
    - **Steps to produce the crash**:
        1. Run the Python code: `WebSSH_for_iOS_14.16.10.py`
        2. Copy the content to the clipboard
        3. Open "WebSSH for iOS"
        4. Tap -> Tools
        5. Tap -> mashREPL
                                            
  • Title: App WebSSH - SSH, SFTP & Tools - App Store -- 🔗 Source link

    Tags: product

    Shenlong quick summary:
                                            ```
    - App: WebSSH - SSH, SFTP & Tools
    - Version: 30.8
    - Developer: MENGUS ARNAUD
    - Category: For developers
    - Language: Spanish and 15 more
    - Size: 189.4 MB
    - Last Update: Jan 13, 2023
    - User Reviews: 4.9 of 5 stars from 130 ratings
    
    ## Key Vulnerability Points
    - **App Store Vulnerability:** The ma운trival level of user access might lead to unauthorized app downloads or malicious access.
    - **Privacy Concerns:** While the developer states "No data is collected," the app's network access and data transmission protocols may be exploited for sensitive data interception.
    - **SFTP & Telnet Protocol Usage:** These protocols may introduce security risks if not properly secured, leading to potential data leaks or unauthorized access.
    - **iCloud Integration:** If compromised, user-encrypted sensitive data stored on iCloud could be at risk.
    - **App Developer Reputation:** Understanding the developer's history and community feedback is crucial for assessing the app's security and reliability.
    
    ```
                                            
  • Title: WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service | Advisories | VulnCheck -- 🔗 Source link

    Tags: third-party-advisory

    Shenlong quick summary:
    ### Key Information
    
    - **Title**: WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service
    - **Severity**: Medium
    - **Date**: January 16, 2026
    - **Affected**: WebSSH for iOS 14.16.10
    - **CVE**: CVE-2021-47827
    - **CWE**: CWE-1284 - Improper Validation of Specified Quantity in Input
    - **CVSS**: 4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
    - **References**:
      - ExploitDB-49883
      - WebSSH iOS App Store Page
    - **Discovered by**: Luis Martinez
    - **Description**: WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool; by pasting malicious input, an attacker can crash the application. An attacker can trigger the vulnerability by copying a 300-character buffer (repeated 'A' characters) into the mashREPL input field, causing the application to crash.
                                            
  • https://nvd.nist.gov/vuln/detail/CVE-2021-47827