What is CVE-2021-4477?

CVE-2021-4477 is a critical-severity vulnerability in Belden Hirschmann Hilcos Openbat, classified under Improper Access Control. CVSS score: 9.1/10. Published 2026-04-03.

How severe is CVE-2021-4477?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Vulnerability in Belden Hirschmann Hilcos Openbat

CVE-2021-4477

Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers can exploit this vulnerability by estab…

EPSS: 0.000 (0.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Belden Hirschmann Hilcos Openbat — versions 3.80-REL, 8.90-REL, 9.00-REL

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

assets.belden.com/m/5fd1a50fa50cb252/original/Belden-Security-Bulletin-BSECV-1v… (vendor-advisory)
www.vulncheck.com/advisories/hirschmann-hilcos-openbat-bat450-ipv6-ipsec-firewa…

Frequently asked questions

What is CVE-2021-4477?: CVE-2021-4477 is a critical-severity vulnerability in Belden Hirschmann Hilcos Openbat, classified under Improper Access Control. CVSS score: 9.1/10. Published 2026-04-03.
How severe is CVE-2021-4477?: Critical severity. CVSS v3 base score is 9.1 out of 10.