CVE-2021-21578
Description
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Open redirect in Dell EMC iDRAC9 prior to 4.40.40.00 allows remote attackers to redirect victims to arbitrary URLs via crafted links.
Vulnerability
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability [1]. An attacker can craft a malicious URL that, when visited by a victim, redirects the victim's browser to an arbitrary external website [1].
Exploitation
A remote unauthenticated attacker can exploit this vulnerability by tricking a victim into clicking a specially crafted link [1]. No authentication or network position beyond standard web access is required; the victim must perform the click action.
Impact
Successful exploitation allows an attacker to redirect a victim to an arbitrary web URL, potentially facilitating phishing attacks or delivering malicious content [1]. The CVSS base score is 6.1, indicating medium severity with low confidentiality and integrity impact, and scope change (C: low, I: low, A: none) [1].
Mitigation
The vulnerability is fixed in iDRAC9 version 4.40.40.00 [1]. Users should update to this or later versions. No workarounds are documented in the reference.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Range: unspecified
Patches
No patches discovered yet.
References
[1] www.dell.com/support/kbdoc/000189193 (mitre, x_refsource_MISC)