CVE-2021-35402 | THREATINT

Description

PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for satellite_status).

PUBLISHED Reserved 2021-06-23 | Published 2026-02-20 | Updated 2026-02-23 | Assigner mitre

CRITICAL: 10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status

unknown

20190909 (custom) before 2021-06-13

affected

References

starlabs.sg/advisories/21/21-35402/

cve.org (CVE-2021-35402)

nvd.nist.gov (CVE-2021-35402)

Download JSON