CVE-2021-36380 — Sunhillo SureLine OS Command Injection Vulnerablity
2024-03-05 • CISA Known Exploited Vulnerability
[event] Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service or utilize the device for persistence on the network via shell metacharacters in ipAddr or dnsAddr in /cgi/networkDiag.cgi.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Sunhillo |
| Product | SureLine |
| CWE | CWE-78 |
| CVE ID | CVE-2021-36380 |
| Date Added | 2024-03-05 |
| Due Date | 2024-03-26 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due Date: 2024-03-26