CVE-2021-31726

1. CVE-2021-31726
2.  
3. > [Description]
4. > Akuvox C315 115.116.2613 allows remote command Injection via the
5. > cfgd_server service. The attack vector is sending a payload to port 189
6. > (default root 0.0.0.0).
7. >
8. > ------------------------------------------
9. >
10. > [VulnerabilityType Other]
11. > Command Injection
12. >
13. > ------------------------------------------
14. >
15. > [Vendor of Product]
16. > Akuvox
17. >
18. > ------------------------------------------
19. >
20. > [Affected Product Code Base]
21. > C315 - version affected: 115.116.2613 (last), version fix: None
22. >
23. > ------------------------------------------
24. >
25. > [Affected Component]
26. > The cfgd_server service
27. >
28. > ------------------------------------------
29. >
30. > [Attack Type]
31. > Remote
32. >
33. > ------------------------------------------
34. >
35. > [Impact Code execution]
36. > true
37. >
38. > ------------------------------------------
39. >
40. > [Attack Vectors]
41. > Send payload to port 189 (default root 0.0.0.0) of device
42. >
43. > ------------------------------------------
44. >
45. > [Reference]
46. > https://www.akuvox.com/ProductsDisp.aspx?pid=21
47. >
48. > ------------------------------------------
49. >
50. > [Has vendor confirmed or acknowledged the vulnerability?]
51. > true
52. >
53. > ------------------------------------------
54. >
55. > [Discoverer]
56. > Hà Toàn
57.  
58. CVE-2021-31726.