What is CVE-2021-41282?

CVE-2021-41282 is a vulnerability in N/a. Published 2022-03-01.

Is CVE-2021-41282 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-41282

diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parse…

EPSS: 0.913 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
bantahacka/pfsense_

References

www.shielder.it/advisories/ (x_refsource_MISC)
www.shielder.it/advisories/pfsense-remote-command-execution/ (x_refsource_MISC)
docs.netgate.com/pfsense/en/latest/releases/22-01_2-6-0.html (x_refsource_MISC)
packetstormsecurity.com/files/166208/pfSense-2.5.2-Shell-Upload.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-41282?: CVE-2021-41282 is a vulnerability in N/a. Published 2022-03-01.
Is CVE-2021-41282 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.