CVE-2021-45420

CRITICAL EXPLOITED NUCLEI

Emerson Dixell Xweb-500 Firmware - Information Disclosure

Title source: rule

Description

Emerson Dixell XWEB-500 products are affected by an arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker can write any file on the target system without any authentication, which can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced.

Nuclei Templates (1)

Emerson Dixell XWEB-500 - Arbitrary File Write
CRITICAL by hackerarpan

Scores

CVSS v3 9.8
EPSS 0.8110
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2024-01-21

Classification

CWE
CWE-306 CWE-200 CWE-668
Status published

Affected Products (1)

emerson/dixell_xweb-500_firmware

Timeline

Published Feb 14, 2022
Tracked Since Feb 18, 2026