Arbitrary Command Execution in EC Keypasswd Parameter via Specially-Crafted HTTP Request
CVE-2021-21875 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Learn more about our Web Application Penetration Testing UK.