CVE-2021-35064

CRITICAL EXPLOITED IN THE WILD NUCLEI

KramerAV VIAWare - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2021-35064 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 2 public exploits from researchers including Chocapikk. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2021-35064, which targets a file write vulnerability in VIA Collaboration Hub. The exploit writes a PHP web shell to the target system and provides instructions for achieving root access via sudo rpm command execution.

Description

KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg.

Exploits (2)

nomisec WORKING POC 2 stars

by Chocapikk · local

https://github.com/Chocapikk/CVE-2021-35064

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2021-35064, which targets a file write vulnerability in VIA Collaboration Hub. The exploit writes a PHP web shell to the target system and provides instructions for achieving root access via sudo rpm command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: VIA Collaboration Hub

No auth needed

Prerequisites: Network access to the target system · VIA Collaboration Hub running a vulnerable version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC

pythonremotehardware

https://www.exploit-db.com/exploits/50856

View Code ZIP pw:eip

This exploit demonstrates a remote code execution vulnerability in KRAMER VIAware by uploading a PHP web shell to the Apache web directory and executing commands with root privileges via sudo rpm. The exploit leverages insecure file upload and command injection techniques.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: KRAMER VIAware (all versions, tested on ViaWare Go)

No auth needed

Prerequisites: Network access to the target system · Apache web server running on the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

Kramer VIAware - Privilege Escalation and Remote Code Execution

CRITICALby ritikchaddha

FOFA: icon_hash="1521468900"

References (2)

Core 2

Core References

Exploit, Product, Vendor Advisory x_refsource_misc

https://www.kramerav.com/us/product/viaware

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/166623/Kramer-VIAware-Remote-Code-Execution.html

Scores

CVSS v3 9.8

EPSS 0.7075

EPSS Percentile 99.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2022-05-26

InTheWild.io 2022-05-26

CWE

CWE-269

Status published

Products (1)

kramerav/viaware

Published Jul 12, 2021

Tracked Since Feb 18, 2026