CVE-2021-44132
HIGHC-DATA ONU4FERW < 2.1.13_x139 - OS Command Injection via formImportOMCIShell Function
Title source: llmDescription
A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1.13_X139 allows attackers to execute arbitrary commands via a crafted file.
References (2)
Core 2
Core References
Broken Link, Third Party Advisory x_refsource_misc
https://exploitwriter.wordpress.com/2021/11/19/remote-code-execution-in-c-data-onu4ferw/
Exploit, Third Party Advisory
https://exploitwriter.io/2022/02/25/os-command-injection-in-c-data-onu4ferw-cve-2021-44132/
Scores
CVSS v3
7.8
EPSS
0.0308
EPSS Percentile
86.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (1)
c-data_onu4ferw_project/c-data_onu4ferw_firmware
< 2.1.13_x139
Published
Feb 25, 2022
Tracked Since
Feb 18, 2026