CVE-2021-42324
HIGHDCN S4600-10P-SI Firmware < R0241.0470 - Authenticated OS Command Injection via Capture Command Parameters
Title source: llmDescription
An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell metacharacters in the capture command parameters. Command output will be shown on the Serial interface of the device. Exploitation requires both credentials and physical access.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://exatel.pl/cve-2021-42324-metacharacter-injection-w-przelacznikach-dcn-s4600-10p-si/
Broken Link x_refsource_misc
https://www.dcneurope.eu/products/switches/s4600-10p-si
Scores
CVSS v3
7.4
EPSS
0.0061
EPSS Percentile
44.9%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
dcnglobal/s4600-10p-si_firmware
r0241.0370 - r0241.0470
Published
Apr 05, 2022
Tracked Since
Feb 18, 2026