CVE-2021-46354

HIGH

Thinfinity VirtualUI <3.0 - Info Disclosure

Title source: llm

Description

Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2 (fixed in version 3.0) are affected by an information disclosure vulnerability in the "Addr" parameter of the cmd site. The ability to send requests to other systems can cause the vulnerable server to disclose the real IP address of the web server or increase the attack surface.

Exploits (1)

exploitdb WRITEUP
by Daniel Morales · text · webapps · multiple
https://www.exploit-db.com/exploits/50771

Scores

CVSS v3 7.5
EPSS 0.3466
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-668
Status published
Products (3)
cybelesoft/thinfinity_virtualui 2.1.28.0
cybelesoft/thinfinity_virtualui 2.1.32.1
cybelesoft/thinfinity_virtualui 2.5.26.2
Published Feb 09, 2022
Tracked Since Feb 18, 2026