CVE-2021-42635

HIGH

PrinterLogic Web Stack <= 19.1.1.13 SP9 - Unauthenticated Remote Code Execution via Hardcoded APP_KEY

Title source: llm
STIX 2.1

Description

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution.

References (7)

Core 7
Core References
Vendor Advisory x_refsource_misc
http://printerlogic.com
Exploit, Press/Media Coverage, Third Party Advisory x_refsource_misc
https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert/
Vendor Advisory x_refsource_confirm
https://www.printerlogic.com/security-bulletin/

Scores

CVSS v3 8.1
EPSS 0.0534
EPSS Percentile 91.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (2)
printerlogic/web_stack 19.1.1.13 (4 CPE variants)
printerlogic/web_stack < 19.1.1.13
Published Jan 31, 2022
Tracked Since Feb 18, 2026