CVE-2021-35402
CRITICAL EXPLOITEDPROLiNK PRC2402M <2021-06-13 - Command Injection
Title source: llmExploitation Summary
CVE-2021-35402 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for satellite_status).
References (1)
Core 1
Core References
Various Sources
https://starlabs.sg/advisories/21/21-35402/
Scores
CVSS v3
10.0
EPSS
0.0095
EPSS Percentile
56.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
VulnCheck KEV
2025-03-25
CWE
CWE-78
Status
published
Products (1)
PROLiNK/PRC2402M
20190909 - 2021-06-13
Published
Feb 20, 2026
Tracked Since
Feb 21, 2026