HIGH🇵🇱 Wersja polska

CVE-2021-42372

CVSS 8.8v3.1pub. 2021-11-08upd. 2024-11-21

A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Xorux Lpar2rrd

    APP
    Xorux
    < 7.30
  • Xorux Stor2rrd

    APP
    Xorux
    < 7.30
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2021-42371CRITICAL9.8ten sam produkt

lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.

CVE-2020-24032CRITICAL9.8ten sam produkt

tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell ...

CVE-2014-4981CRITICAL9.8ten sam produkt

LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sa...

CVE-2014-4982CRITICAL9.8ten sam produkt

LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server.

CVE-2025-54769HIGH8.8ten sam produkt

An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file...