CVE-2021-42324

Published: Apr 5, 2022

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell metacharacters in the capture command parameters. Command output will be shown on the Serial interface of the device. Exploitation requires both credentials and physical access.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.dcneurope.eu/products/switches/s4600-10p-si

x_refsource_MISC

https://exatel.pl/cve-2021-42324-metacharacter-injection-w-przelacznikach-dcn-s4600-10p-si/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-42324

Description

Affected Products

References