CVE-2021-41316
8.1 HIGH
The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility
Published: 2021-09-17 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 8.1 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
- CWE: CWE-88
Affected products
| Vendor | Product |
|---|---|
| device42 | device42 |
Description
The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker (with permissions to add or edit jobs run by this utility) can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2021-41316)
- [Vendor advisory](https://blog.device42.com/2021/09/critical-fixes-in-17-05-01/)
- [Vendor advisory](https://docs.device42.com/auto-discovery/nmap-autodiscovery/)
- [Vendor advisory](https://docs.device42.com/auto-discovery/remote-collector-rc/)
Related CVEs
Same vendor
- CVE-2021-41315 — The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility (8.8 HIGH)
Same CWE
- CVE-2026-47365 — Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass ... (9.9 CRITICAL)
- CVE-2026-47250 — mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management (6.1 MEDIUM)
- CVE-2026-46529 — Atril Document Viewer is the default document reader of the MATE desktop environment for Linux
- CVE-2026-53694 — Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Nomachine allows Argument Injection.T...
- CVE-2026-52750 — Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not ... (7.8 HIGH)