CVE-2021-39244
8.8 HIGH · Authenticated Semi-Blind Command Injection (via Parameter Injection) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via th...
Published: 2021-08-23 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 8.8 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-78 (Improper Neutralization of Special Elements used in an OS Command)
Affected products
| Vendor | Product |
|---|---|
| altus | hadron_xtorm_hx3040_firmware, nexto_nx3003_firmware, nexto_nx3004_firmware |
Description
Authenticated Semi-Blind Command Injection (via Parameter Injection) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0.
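The description names the weakness class (CWE-78 via parameter injection into a tcpdump invocation) but not the code shape behind it. The following is an added, constructed example, not Altus firmware code and not the payload from the disclosure: a CGI-style handler that splices raw request parameters into a tcpdump command line, beside a hardened version that allowlists the interface name and packet count and passes an argv list instead of a shell string. The handler names, the fixed capture path and the interface-name pattern are assumptions. Parameter injection into tcpdump matters because tcpdump accepts flags such as `-w` (write a file of the attacker's choosing) and `-z` (run a post-rotate command), so control over extra arguments can become command execution without ever breaking out of the command itself.

```python
import re
import shlex

# Constructed example: neither the vendor's getlogs.cgi nor the published payload.
CAPTURE_PATH = "/tmp/getlogs.pcap"          # assumed fixed output path
MAX_PACKETS = 10000                         # assumed upper bound for -c
# Linux interface names are at most 15 characters; require an alphanumeric
# first character so a value can never be parsed as an option.
IFACE_ALLOWED = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}$")
INTENDED_FLAGS = ("-i", "-c", "-w")


def build_tcpdump_cmd_vulnerable(iface: str, count: str) -> list[str]:
    """Vulnerable pattern: request parameters are interpolated into a command
    string, which is then split the way a shell (os.system/popen) would split
    it. A value such as 'eth0 -w /tmp/evil.pcap' contributes extra tokens that
    tcpdump treats as its own options (parameter injection)."""
    cmd = f"tcpdump -i {iface} -c {count} -w {CAPTURE_PATH}"
    return shlex.split(cmd)


def build_tcpdump_argv_hardened(iface: str, count: str) -> list[str]:
    """Hardened pattern: validate each parameter against an allowlist and build
    an argv list directly (to be run with subprocess.run(argv) without a shell),
    so every attacker-controlled value stays a single argument and can never
    start with '-'."""
    if not IFACE_ALLOWED.match(iface):
        raise ValueError("invalid interface name")
    if not count.isdigit() or not 1 <= int(count) <= MAX_PACKETS:
        raise ValueError("invalid packet count")
    return ["tcpdump", "-i", iface, "-c", str(int(count)), "-w", CAPTURE_PATH]


def injected_flags(argv: list[str]) -> list[str]:
    """Review/detection aid: list option tokens the handler never intended to
    pass (unknown flags, or intended flags appearing more than once)."""
    seen: dict[str, int] = {}
    extra = []
    for tok in argv[1:]:
        if tok.startswith("-"):
            seen[tok] = seen.get(tok, 0) + 1
            if tok not in INTENDED_FLAGS or seen[tok] > 1:
                extra.append(tok)
    return extra


if __name__ == "__main__":
    # Constructed malicious parameter: adds a second -w pointing elsewhere.
    bad_iface = "eth0 -w /tmp/evil.pcap"
    print(build_tcpdump_cmd_vulnerable(bad_iface, "10"))
    print("injected:", injected_flags(build_tcpdump_cmd_vulnerable(bad_iface, "10")))
    try:
        build_tcpdump_argv_hardened(bad_iface, "10")
    except ValueError as exc:
        print("hardened handler rejected it:", exc)
    print(build_tcpdump_argv_hardened("eth0", "100"))
```

Quoting the value (for example with `shlex.quote`) is not a substitute for the allowlist: it keeps the value a single token but still lets a client choose arbitrary interface strings, and any future parameter that lands in a positional slot would again be readable as an option. Validating against what the feature actually needs (an existing interface name, a bounded integer) and never handing the string to a shell closes the class rather than the instance.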
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2021-39244
- [Exploit reference] https://seclists.org/fulldisclosure/2021/Aug/21
- [Vendor advisory] https://www.altus.com.br/
Related CVEs
Same vendor
- CVE-2021-39245 — Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices (7.5 HIGH)
- CVE-2021-39243 — Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via any CGI endpoint (6.5 MEDIUM)
Same CWE
- CVE-2026-22313 — The device has a webserver that exposes a REST API authenticated with a token on the management network (9.1 CRITICAL)
- CVE-2026-44932 — Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a ... (8.8 HIGH)
- CVE-2026-12398 — A command injection vulnerability was found in galaxy_ng (7.5 HIGH)
- CVE-2026-5416 — Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command in... (8.8 HIGH)
- CVE-2026-12161 — Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user ... (8.8 HIGH)