What is CVE-2021-46704?

CVE-2021-46704 is a vulnerability in N/a. Published 2022-03-06.

Is CVE-2021-46704 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-46704

In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined wit…

EPSS: 0.869 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

MithatGuner/CVE-2021-46704-POC
Erenlancaster/CVE-2021-46704
ARPSyndicate/cve-scores
hheeyywweellccoommee/CVE-2021-46704-POC-bsnln

References

github.com/genieacs/genieacs/releases/tag/v1.2.8 (x_refsource_MISC)
github.com/genieacs/genieacs/commit/7f295beeecc1c1f14308a93c82413bb334045af6 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-46704?: CVE-2021-46704 is a vulnerability in N/a. Published 2022-03-06.
Is CVE-2021-46704 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.