Security for everyone

CVE-2021-46704 Scanner

Detects 'OS Command Injection' vulnerability in GenieACS versions up to 1.2.8, allowing execution of arbitrary commands on the system.


Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, IPv4
Toolbox: -

GenieACS is an open-source Auto Configuration Server (ACS) designed for remote management of devices such as routers, switches, and home gateways in compliance with the Broadband Forum's TR-069 standard. It enables service providers to automatically configure and manage these devices, ensuring efficient service delivery and network management. The software is widely used for its flexibility, scalability, and capability to manage large deployments of networked devices, making it an essential tool for internet service providers and large enterprises.

The OS command injection vulnerability allows attackers to send specially crafted requests to the /api/ping/ endpoint. By manipulating the ping host argument, attackers can inject shell commands that the server will execute. This flaw exposes the system to significant risks, as it could be exploited to gain unauthorized access, compromise the integrity and confidentiality of the system, and execute malicious actions without the knowledge or consent of the administrator.
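The mitigation for the flaw described above, as an added example in JavaScript (Node.js); it is not GenieACS source code, and the names `isValidPingHost`, `buildPingArgs` and `pingHost` are hypothetical. It validates the ping host against a strict allow-list and runs `ping` with an argument array, so no shell ever parses the value.

```javascript
// Added example: hypothetical hardened ping helper, not GenieACS code.
const { execFile } = require("node:child_process");
const net = require("node:net");

// RFC 1123 label: letters, digits, hyphens; must start and end alphanumeric.
const LABEL = /^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;

// Accept only IP literals or syntactically valid hostnames.
function isValidPingHost(host) {
  if (typeof host !== "string" || host.length === 0 || host.length > 253) {
    return false;
  }
  if (net.isIP(host) !== 0) return true; // IPv4 or IPv6 literal
  // Every dot-separated label must match; this rejects spaces, quotes,
  // ';', '|', '$', backticks and a leading '-' (option injection).
  return host.split(".").every((label) => LABEL.test(label));
}

// Build the argv for ping; throws instead of passing bad input along.
function buildPingArgs(host) {
  if (!isValidPingHost(host)) {
    throw new RangeError("invalid ping host");
  }
  // -c 3: three probes, -w 5: overall deadline in seconds (iputils ping).
  return ["-c", "3", "-w", "5", host];
}

// execFile spawns the binary directly (no shell), so the host is always a
// single argv element even if validation were ever loosened.
function pingHost(host, callback) {
  let args;
  try {
    args = buildPingArgs(host);
  } catch (err) {
    return callback(err);
  }
  execFile("ping", args, { timeout: 10000 }, (err, stdout) => {
    callback(err, stdout);
  });
}

module.exports = { isValidPingHost, buildPingArgs, pingHost };
```

A handler for the `/api/ping/` route would pass the URL-decoded host parameter to `pingHost` and return a 400 response when it reports `invalid ping host`.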

Successful exploitation of this vulnerability could lead to complete system compromise, unauthorized access to sensitive data, and potential lateral movement within the network. It poses a critical security risk, especially in environments where GenieACS is used to manage a large number of devices, as it could enable attackers to disrupt services, steal sensitive information, or deploy malware across the network.

Utilizing the security scanning services provided by securityforeveryone, organizations can detect vulnerabilities such as the critical OS Command Injection flaw in GenieACS. Our platform offers comprehensive security assessments, providing detailed findings and remediation guidelines to address vulnerabilities effectively. By becoming a member, you benefit from ongoing support and tools designed to enhance your security posture, ensuring your network and managed devices remain protected against emerging threats.

 
