Visual Tools DVR - Remote Code Execution (CVE-2021-42071)

Severity
CVSSv3 Score: 9.8
Vulnerability description

Visual Tools DVR is affected by a Remote Code Execution vulnerability in its handling of the User-Agent HTTP header. The root cause is that an unauthenticated remote attacker can access the Common Gateway Interface (CGI) and use a crafted User-Agent HTTP header to execute commands on the server. This vulnerability is similar to the Shellshock vulnerability (CVE-2014-6271).

Risk description

A remote unauthenticated attacker can fully compromise the server in order to steal confidential information, install ransomware, or pivot to the internal network.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Recommendation

No patches are available for this vulnerability.
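
Since the flaw is described as Shellshock-like and no patch is available, one compensating check is to review web server or reverse-proxy access logs for User-Agent values that carry a Bash function-definition prefix. The script below is an added example, not code from this page or from the vendor; it assumes Combined Log Format and that requests resemble classic Shellshock (CVE-2014-6271), and its log lines, CGI path and command placeholder are constructed.

```python
import re

# Combined Log Format:
#   ip - user [time] "METHOD path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>.*)"$'
)

# Bash function-definition prefix that Shellshock-style header values start with.
# Whitespace between the tokens is optional, so it is matched loosely.
FUNC_DEF_RE = re.compile(r'\(\s*\)\s*\{')


def suspicious_requests(lines):
    """Return (ip, time, path, status, user_agent) for each flagged log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not Combined Log Format; skip rather than guess
        if FUNC_DEF_RE.search(m["ua"]):
            hits.append((m["ip"], m["time"], m["path"], int(m["status"]), m["ua"]))
    return hits


# Constructed sample lines: documentation IP ranges, a placeholder CGI path
# (an assumption, not the product's real path) and a placeholder command.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jul/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [12/Jul/2021:10:03:44 +0000] "GET /cgi-bin/placeholder.cgi HTTP/1.1" 200 0 "-" "() { :; }; <command-placeholder>"',
    '198.51.100.7 - - [12/Jul/2021:10:03:45 +0000] "GET /cgi-bin/placeholder.cgi HTTP/1.1" 500 0 "-" "(){:;};<command-placeholder>"',
    '203.0.113.5 - - [12/Jul/2021:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    for ip, when, path, status, ua in suspicious_requests(SAMPLE_LOG):
        print(f"{when} {ip} {path} -> {status} UA={ua!r}")
```

A flagged request that returned a 200 status deserves closer review than one that was rejected, and the same pattern can be used as a blocking rule on a reverse proxy placed in front of the device.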

Codename: Not available
Detectable with: Network Scanner
Exploitable with Sniper: Yes
Vuln date: Jul 2021
Published at:
Updated at:
Software Type: Monitoring system
Vendor: VisualTools
Product: DVR