Command Injection Vulnerability in HGiga OAKlouds Mobile Portal

Command Injection Vulnerability in HGiga OAKlouds Mobile Portal

CVE-2021-37913 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.

Learn more about our Mobile App Penetration Testing.