What is CVE-2021-26608?

CVE-2021-26608 is a high-severity vulnerability in Handysoft Hshell.dll, classified under CWE-353. CVSS score: 8.8/10. Published 2021-09-09.

How severe is CVE-2021-26608?

High severity. CVSS v3 base score is 8.8 out of 10.

Vulnerability in Handysoft Hshell.dll

CVE-2021-26608

An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash.

EPSS: 0.002 (46.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Handysoft Hshell.dll — versions 1.7.4.5, 2.0.3.5, 4.0.1.6

Weakness classification (CWE)

CWE-353

References

www.boho.or.kr/krcert/secNoticeView.do (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-26608?: CVE-2021-26608 is a high-severity vulnerability in Handysoft Hshell.dll, classified under CWE-353. CVSS score: 8.8/10. Published 2021-09-09.
How severe is CVE-2021-26608?: High severity. CVSS v3 base score is 8.8 out of 10.