Security for everyone

CVE-2021-46704 Scanner

Detects 'OS Command Injection' vulnerability in GenieACS versions up to 1.2.8, allowing execution of arbitrary commands on the system.

SCAN NOW

Short Info


Level

Critical

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

CVE-2021-46704 Scanner Detail

GenieACS is an open-source Auto Configuration Server (ACS) designed for remote management of devices such as routers, switches, and home gateways in compliance with the Broadband Forum's TR-069 standard. It enables service providers to automatically configure and manage these devices, ensuring efficient service delivery and network management. The software is widely used for its flexibility, scalability, and capability to manage large deployments of networked devices, making it an essential tool for internet service providers and large enterprises.

The OS command injection vulnerability allows attackers to send specially crafted requests to the /api/ping/ endpoint. By manipulating the ping host argument, attackers can inject shell commands that the server will execute. This flaw exposes the system to significant risks, as it could be exploited to gain unauthorized access, compromise the integrity and confidentiality of the system, and execute malicious actions without the knowledge or consent of the administrator.

Successful exploitation of this vulnerability could lead to complete system compromise, unauthorized access to sensitive data, and potential lateral movement within the network. It poses a critical security risk, especially in environments where GenieACS is used to manage a large number of devices, as it could enable attackers to disrupt services, steal sensitive information, or deploy malware across the network.

Utilizing the security scanning services provided by securityforeveryone, organizations can detect vulnerabilities such as the critical OS Command Injection flaw in GenieACS. Our platform offers comprehensive security assessments, providing detailed findings and remediation guidelines to address vulnerabilities effectively. By becoming a member, you benefit from ongoing support and tools designed to enhance your security posture, ensuring your network and managed devices remain protected against emerging threats.

 

References

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture