CVE-2021-46354

HIGH

Thinfinity VirtualUI <3.0 - Info Disclosure

Title source: llm

Description

Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increase the attack surface.

Exploits (1)

exploitdb WRITEUP
by Daniel Morales · textwebappsmultiple
https://www.exploit-db.com/exploits/50771

References (3)

Scores

CVSS v3 7.5
EPSS 0.3466
EPSS Percentile 96.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-668
Status published

Affected Products (3)

cybelesoft/thinfinity_virtualui
cybelesoft/thinfinity_virtualui
cybelesoft/thinfinity_virtualui

Timeline

Published Feb 09, 2022
Tracked Since Feb 18, 2026