VYPR
Unrated severityNVD Advisory· Published Mar 10, 2021· Updated Aug 3, 2024

CVE-2021-28122

CVE-2021-28122

Description

A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. The issue occurs because Express is not set up to require authentication.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Open5GS/Open5GSdescription
  • Open5gs/Open5gsllm-fuzzy
    Range: >=2.1.3 <2.2.1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.