Command-Injection Vulnerability in NASCENT RemKon Device Manager 4.0.0.0 Image Upload Function

Command-Injection Vulnerability in NASCENT RemKon Device Manager 4.0.0.0 Image Upload Function

CVE-2021-38611 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php.

Learn more about our Web Application Penetration Testing UK.