#VU57645 Code Injection in EntroLink products
Published: October 26, 2021
Vulnerability identifier: #VU57645
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: N/A
CWE-ID: CWE-94
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
PPX-AnyLink 8000
PPX-AnyLink 6904
PPX-AnyLink 6900
PPX-AnyLink 6900F
PPX-AnyLink 6006
PPX-AnyLink 6004
PPX-AnyLink 8000
PPX-AnyLink 6904
PPX-AnyLink 6900
PPX-AnyLink 6900F
PPX-AnyLink 6006
PPX-AnyLink 6004
Software vendor:
EntroLink
EntroLink
Description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote administrator can execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.