CVE-2021-40856
Vexday Risk Score
30 Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS — · EPSS 51.1% · KEV no · PoC — · Nuclei yes · Metasploit — · Patch —
Lifecycle
13 Dec 2021: Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring.
Affected products
n/a · n/a
References
http://packetstormsecurity.com/files/165162/Auerswald-COMfortel-1400-2600-3600-IP-2.8F-Authentication-Bypass.html
https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses
https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-004/-auerswald-comfortel-1400-2600-3600-ip-authentication-bypass