CVE-2021-39273

8.8 HIGH

In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user ...

Published: 2021-08-19 · Last updated: 2026-06-17

Severity and scoring

CVSS: 8.8 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-276

Affected products

Vendor	Product
xerosecurity	sn1per

Description

In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user to modify the application, modules, and configuration files. This leads to arbitrary code execution with root privileges.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-39273
[Exploit reference]https://github.com/1N3/Sn1per/issues/358
[Other]https://github.com/1N3/Sn1per/releases
[Exploit reference]https://github.com/nikip72/CVE-2021-39273-CVE-2021-39274
[Exploit reference]https://github.com/1N3/Sn1per/issues/358
[Other]https://github.com/1N3/Sn1per/releases
[Exploit reference]https://github.com/nikip72/CVE-2021-39273-CVE-2021-39274

Related CVEs

Same vendor

CVE-2021-39274 — In XeroSecurity Sn1per 9.0 (free version), insecure directory permissions (0777) are set during installation, allowing an unprivileged us... (9.8 CRITICAL)

Same CWE

CVE-2026-50255 — Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier (6.7 MEDIUM)
CVE-2026-11931 — Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to ... (5.5 MEDIUM)
CVE-2026-49157 — Incorrect Default Permissions vulnerability in Apache ActiveMQ (8.8 HIGH)
CVE-2026-48191 — An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Filters modules... (3.5 LOW)
CVE-2026-48190 — An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query ... (3.5 LOW)