CVE-2021-40859

EPSS 72.0%

Vexday Risk Score

60Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 72.0%KEV nãoPoC públicaNuclei simMetasploit —Patch —

Lifecycle

06 Dec 2021Public PoC

07 Dec 2021Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device.

Affected products

n/a · n/a

public PoCs found — 3

githubgithub.com/419066074/CVE-2021-40859★ 5 githubgithub.com/pussycat0x/CVE-2021-40859★ 4 exploitdbwww.exploit-db.com/exploits/50569unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-007/-auerswald-compact-multiple-backdoors