CVE-2021-40222

HIGH

Rittal CMC PU III 3.11.00_2-3.17.10 - Remote Code Execution via PU-Hostname Field

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-40222. PoCs published by asang17.

AI-analyzed exploit summary: The repository provides a detailed technical summary of CVE-2021-40222, a command injection vulnerability in Rittal CMC PU III Web management. It describes how unsanitized user input on the Network TCP/IP configuration page allows remote code execution as root, requiring admin access or a hijacked session.

Description

Rittal CMC PU III Web management (version affected: V3.11.00_2; version fixed: V3.17.10) is affected by a remote code execution vulnerability. Shell code that creates a reverse shell can be introduced in the PU-Hostname field of the TCP/IP Configuration dialog. The web application fails to sanitize user input on the Network TCP/IP configuration page. This allows an attacker to inject commands that are executed as root on the device once the data is received.

Exploits (1)

nomisec WRITEUP
by asang17 · poc
https://github.com/asang17/CVE-2021-40222

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Rittal CMC PU III Web management V3.11.00_2
Auth required
Prerequisites: Admin access to the device management interface · Valid or hijacked session
devstral-2 · analyzed Feb 19, 2026

References (1)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/asang17/CVE-2021-RCE

Scores

CVSS v3: 7.2
EPSS: 0.0805
EPSS Percentile: 92.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-78
Status: published
Products (1): rittal/cmc_pu_iii_7030.000_firmware 3.11.00_2 - 3.17.10
Published: Sep 09, 2021
Tracked Since: Feb 18, 2026