Unknown
CVE-2021-27418
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2021-27418
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- multilin b30 firmware,
- multilin b90 firmware,
- multilin c30 firmware,
- multilin c60 firmware,
- multilin c70 firmware,
- multilin c95 firmware,
- multilin d30 firmware,
- multilin d60 firmware,
- multilin f35 firmware,
- multilin f60 firmware,
- multilin g30 firmware,
- multilin g60 firmware,
- multilin l30 firmware,
- multilin l60 firmware,
- multilin l90 firmware,
- multilin m60 firmware,
- multilin n60 firmware,
- multilin t35 firmware,
- multilin t60 firmware
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
