Critical severity9.8NVD Advisory· Published Aug 31, 2021· Updated Jun 17, 2026
CVE-2021-36356
CVE-2021-36356
Description
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- KRAMER/VIAwaredescription
Patches
Vulnerability mechanics
References
2- packetstormsecurity.com/files/166623/Kramer-VIAware-Remote-Code-Execution.htmlnvdExploitThird Party AdvisoryVDB Entry
- write-up.github.io/kramerav/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.