CVE-2021-41315
HIGHDevice42 Remote Collector < 17.05.01 - Authenticated OS Command Injection via SNMP Connectivity Utility
Title source: llmDescription
The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker (with access to the console application) to execute arbitrary OS commands and escalate privileges.
References (2)
Core 2
Core References
Product, Vendor Advisory x_refsource_misc
https://docs.device42.com/auto-discovery/remote-collector-rc/
Vendor Advisory x_refsource_misc
https://blog.device42.com/2021/09/critical-fixes-in-17-05-01/
Scores
CVSS v3
8.8
EPSS
0.0122
EPSS Percentile
64.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
device42/remote_collector
< 17.05.01
Published
Sep 17, 2021
Tracked Since
Feb 18, 2026