CVE-2021-3149

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in conan/openssl

Identifiers

CVE-2021-3149

Package Slug

conan/openssl

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely.

Affected Versions

All versions starting from 1.1.1 before 1.1.1k

Solution

Upgrade to version 1.1.1o or above.

Last Modified

2022-07-24

source