CVE-2021-42912
HIGH EXPLOITED
FiberHome ONU GPON AN5506 - Authenticated OS Command Injection via Ping Diagnostic Tool
Title source: llm
Exploitation Summary
CVE-2021-42912 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon.
References (3)
Core References
Broken Link x_refsource_misc
http://fiberhome.com
Not Applicable x_refsource_misc
http://onu.com
Various Sources x_refsource_misc
https://medium.com/%40windsormoreira/fiberhome-an5506-os-command-injection-cve-2021-42912-10b64fd10ce2
Scores
CVSS v3
8.8
EPSS
0.1381
EPSS Percentile
96.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2024-12-20
CWE
CWE-78
Status
published
Products (8)
fiberhome/aan5506-04-g2g_firmware
rp2560
fiberhome/an5506-01-a_firmware
rp0509
fiberhome/an5506-01-b_firmware
rp2610
fiberhome/an5506-02-b_firmware
rp2520
fiberhome/an5506-02-b_firmware
rp2521
fiberhome/an5506-02-b_firmware
rp2603
fiberhome/an5506-04-b_firmware
rp2510
fiberhome/an5506-04-f_firmware
rp2617
Published
Dec 16, 2021
Tracked Since
Feb 18, 2026