CVE-2021-42372
HIGHXoruX LPAR2RRD and STOR2RRD < 7.30 - Authenticated OS Command Injection via HW Events SNMP Community
Title source: llmDescription
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service.
References (3)
Core 3
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://stor2rrd.com/note730.php
Release Notes, Vendor Advisory x_refsource_confirm
https://lpar2rrd.com/note730.php
Exploit, Third Party Advisory x_refsource_misc
https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-pgp3-5j2p
Scores
CVSS v3
8.8
EPSS
0.0606
EPSS Percentile
92.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (2)
xorux/lpar2rrd
< 7.30
xorux/stor2rrd
< 7.30
Published
Nov 08, 2021
Tracked Since
Feb 18, 2026