CVE-2021-37913

CRITICAL

HGiga OAKlouds Portal 2.0-2.0-2 - Unauthenticated OS Command Injection via IPv6 Gateway Parameter

Title source: llm
STIX 2.1

Description

The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-5092-f88e2-1.html

Scores

CVSS v3 9.8
EPSS 0.0283
EPSS Percentile 84.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
hgiga/oaklouds_portal 2.0 - 2.0-2
Published Sep 15, 2021
Tracked Since Feb 18, 2026