CNNVD-202512-5532 Information

Dec 31, 2025 cve

CNNVD ID

CNNVD-202512-5532

CVE-2021-47745

CNNVD Published: 2025-12-31

Description (Chinese)

Cypress Solutions CTM-200是Cypress Solutions公司的一款无线网关。 Cypress Solutions CTM-200 2.7.1版本存在操作系统命令注入漏洞，该漏洞源于固件升级脚本fw_url参数存在经过身份验证的命令注入，可能导致远程攻击者以root权限执行shell命令。

Description (English)

Cypress Solutions CTM-200 is a wireless gateway to Cypress Solutions. Version Cypress Solutions CTM-200 2.7.1 contains a loophole in the operating system command, which stems from the presence of an identity-verified command injection of the solid upgrade script script fw url parameter, which may result in the remote assailant executing the shell order with root authority.

Hazard Level

Medium

Vulnerability Type

操作系统命令注入

Affected Vendor

Cypress Solutions

Published

2025-12-31

Last Modified

2026-02-24

References

https://www.cypress.bc.ca https://www.exploit-db.com/exploits/50408 https://www.vulncheck.com/advisories/cypress-solutions-ctm-root-remote-os-command-injection-via-firmware-upgrade https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5687.php

Share on: