CVE-2021-39273

HIGH

XeroSecurity Sn1per 9.0 - Unauthenticated Arbitrary Code Execution via Insecure Default Permissions

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-39273. PoCs published by nikip72.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2021-39273 and CVE-2021-39274, focusing on insecure permissions (0777) in XeroSecurity Sn1per 9.0, which allow arbitrary code execution with root privileges. It includes root cause analysis, installation steps, and exploitation details.

Description

In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user to modify the application, modules, and configuration files. This leads to arbitrary code execution with root privileges.

Exploits (1)

nomisec WRITEUP 1 star
by nikip72 · poc
https://github.com/nikip72/CVE-2021-39273-CVE-2021-39274

Classification: Writeup 100%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: XeroSecurity Sn1per 9.0 (free version)
No auth needed
Prerequisites: Access to a system with XeroSecurity Sn1per 9.0 installed · Unprivileged user access
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Release Notes, Third Party Advisory (x_refsource_misc): https://github.com/1N3/Sn1per/releases
Exploit, Third Party Advisory (x_refsource_misc): https://github.com/nikip72/CVE-2021-39273-CVE-2021-39274
Exploit, Third Party Advisory (x_refsource_misc): https://github.com/1N3/Sn1per/issues/358

Scores

CVSS v3: 8.8
EPSS: 0.0267
EPSS Percentile: 83.9%
Attack Vector: NETWORK
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-276
Status: published
Products (1): xerosecurity/sn1per 9.0
Published: Aug 19, 2021
Tracked Since: Feb 18, 2026