CVE-2021-39273

HIGH

XeroSecurity Sn1per - Incorrect Default Permissions


Description

In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user to modify the application, modules, and configuration files. This leads to arbitrary code execution with root privileges.

Exploits (1)

nomisec WRITEUP 1 stars
by nikip72 · poc
https://github.com/nikip72/CVE-2021-39273-CVE-2021-39274

References (3)

Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/1N3/Sn1per/releases
Exploit, Third Party Advisory x_refsource_misc
https://github.com/nikip72/CVE-2021-39273-CVE-2021-39274
Exploit, Third Party Advisory x_refsource_misc
https://github.com/1N3/Sn1per/issues/358

Scores

CVSS v3 8.8
EPSS 0.0166
EPSS Percentile 82.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-276
Status published
Products (1)
xerosecurity/sn1per 9.0
Published Aug 19, 2021
Tracked Since Feb 18, 2026