CVE-2021-33527
CWE-78: IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND:
A low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM, that will not correctly validate the input, instructing it to execute arbitrary code execution with the privileges of the service.
Risk Information
- CVE ID
- CVE-2021-33527
- Vendor
- MB Connect Line
- Product
- mbDIALUP
- CVSS v3
- 7.8