Severity
High
Analysis Summary
CVE-2021-3156
The affected product calculates or uses an incorrect maximum or minimum value that is one more or one less than the correct value. This error can result in a heap-based buffer overflow, which allows privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character.
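A detection sketch for the trigger described above, added here as an example and not taken from the Rewterz or vendor advisory: it scans auditd EXECVE records for sudoedit run with -s and an argument that ends in a backslash. The log lines are constructed samples, and the code assumes execve auditing is enabled and treats -s inside a combined short-option cluster as a match.

```python
import re

# Constructed auditd EXECVE records (sample data, not from the advisory).
SAMPLE_LOG = r'''
type=EXECVE msg=audit(1619700001.101:501): argc=3 a0="sudoedit" a1="-s" a2="/etc/hosts"
type=EXECVE msg=audit(1619700002.202:502): argc=3 a0="/usr/bin/sudoedit" a1="-s" a2="AAAA\"
type=EXECVE msg=audit(1619700003.303:503): argc=4 a0="sudoedit" a1="-s" a2=41205C a3="x"
type=EXECVE msg=audit(1619700004.404:504): argc=2 a0="ls" a1="C:\"
'''

# aN="text" for plain arguments, aN=HEX when auditd hex-encodes the value.
ARG_RE = re.compile(r'\ba(\d+)=(?:"([^"]*)"|((?:[0-9A-Fa-f]{2})+))')
ID_RE = re.compile(r'msg=audit\(([\d.]+:\d+)\)')


def parse_execve(line):
    """Return argv decoded from one EXECVE record, or None for other records."""
    if "type=EXECVE" not in line:
        return None
    args = {}
    for idx, quoted, hexed in ARG_RE.findall(line):
        # Arguments with spaces or control bytes arrive hex-encoded.
        value = bytes.fromhex(hexed).decode("latin-1") if hexed else quoted
        args[int(idx)] = value
    return [args[i] for i in sorted(args)]


def is_suspicious(argv):
    """True for sudoedit with -s and any argument ending in a backslash."""
    if not argv or argv[0].rsplit("/", 1)[-1] != "sudoedit":
        return False
    rest = argv[1:]
    # Assumption: -s may be combined with other short options in one cluster.
    has_s = any(re.fullmatch(r"-[A-Za-z]*s[A-Za-z]*", a) for a in rest)
    return has_s and any(a.endswith("\\") for a in rest)


def scan(log_text):
    """Return the audit event IDs of records that match the pattern."""
    hits = []
    for line in log_text.splitlines():
        argv = parse_execve(line)
        if argv and is_suspicious(argv):
            m = ID_RE.search(line)
            hits.append(m.group(1) if m else line)
    return hits


if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Arguments that auditd splits across several fields because of their length are not reassembled here.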
Impact
Privilege escalation
Affected Vendors
Exacq Technologies, Inc.
Affected Products
- Linux-based Z-Series and A-Series
- Q-Series
- G-Series
- Legacy LC-Series
- Legacy ELP-Series
- exacqVision Network Video Recorders (NVR)
- Linux-based C-Series Workstations
- S-Series Storage Servers
Remediation
Refer to the vendor advisory for the complete list of affected products and their respective patches.