Unrated severityNVD Advisory· Published Jun 8, 2021· Updated Sep 16, 2024

Unauthenticated remote command execution with SYSTEM privileges in Vembu products

CVE-2021-26472

Description

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Vembu/VembuBDRdescription
Vembu/VembuBDRllm-create
Range: <4.2.0.1
Vembu/VembuOffsiteDRllm-create
Range: <4.2.0.1

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

csirt.divd.nl/2021/05/11/Vembu-zero-days/mitrex_refsource_CONFIRM
csirt.divd.nl/cases/DIVD-2020-00011/mitrex_refsource_CONFIRM
csirt.divd.nl/cves/CVE-2021-26472/mitrex_refsource_CONFIRM
www.wbsec.nl/vembumitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000