CVE-2021-36356

Description

KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124.

NVD
Severity: CRITICAL
CVE ID: CVE-2021-36356
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2021-36356

Content on GitHub

Chocapikk | watchers:1

CVE-2021-35064
Python script to exploit CVE-2021-35064 and CVE-2021-36356

Reference: GitHub