CVE-2021-41315
8.8 HIGH
The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility
Published: 2021-09-17 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 8.8 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-78
Affected products
| Vendor | Product |
|---|---|
| device42 | remote_collector |
Description
The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker (with access to the console application) to execute arbitrary OS commands and escalate privileges.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2021-41315)
- [Vendor advisory](https://blog.device42.com/2021/09/critical-fixes-in-17-05-01/)
- [Vendor advisory](https://docs.device42.com/auto-discovery/remote-collector-rc/)
Related CVEs
Same vendor
- CVE-2021-41316 — The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility (8.1 HIGH)
Same CWE
- CVE-2026-22313 — The device has a webserver that exposes a REST API authenticated with a token on the management network (9.1 CRITICAL)
- CVE-2026-44932 — Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a ... (8.8 HIGH)
- CVE-2026-12398 — A command injection vulnerability was found in galaxy_ng (7.5 HIGH)
- CVE-2026-5416 — Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command in... (8.8 HIGH)
- CVE-2026-12161 — Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user ... (8.8 HIGH)