CVE-2021-31477
HIGHGE Reason RPV311 Firmware 14A03 - Unauthenticated Remote Code Execution via Hard-coded Credentials
Title source: llmDescription
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-21-616/
Vendor Advisory x_refsource_misc
https://www.gegridsolutions.com/products/support/GES-2021-005%20-%20RPV311%20Security%20Notice.pdf
Scores
CVSS v3
7.3
EPSS
0.0264
EPSS Percentile
83.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-798
Status
published
Products (1)
ge/reason_rpv311_firmware
14a03
Published
Jun 16, 2021
Tracked Since
Feb 18, 2026