CVE-2021-38611
CRITICAL
NASCENT RemKon Device Manager 4.0.0.0 - Command Injection
A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://www.nascent.com/single-post/2019/01/17/nascent-technology-releases-remkon-31-to-enhance-audio-experience
Exploit, Third Party Advisory x_refsource_misc
https://www.blacklanternsecurity.com/2021-08-23-Nascent-RemKon-CVEs/
Scores
CVSS v3: 9.8
EPSS: 0.0193
EPSS Percentile: 77.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-77
Status: published
Products (1): nascent/remkon_device_manager 4.0.0.0
Published: Aug 24, 2021
Tracked Since: Feb 18, 2026