1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Sunhillo SureLine OS Command Injection Vulnerablity

Known Exploited Vulnerabilities CVE-2021-36380 Mappings

Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2021-36380 Sunhillo SureLine OS Command Injection Vulnerablity primary_impact T1059.004 Unix Shell
Comments
To trigger this vulnerability, an attacker sends a specially crafted POST request to the webserver at the URL /cgi/networkDiag.cgi . Within this request, the attacker inserts a Linux command as part of the ipAddr or dnsAddr POST parameters. When the webserver processes the POST request, the command the attacker has inserted into the parameter will be executed.
References
  1. https://blog.sonicwall.com/en-us/2023/11/sunhillo-sureline-command-injection-vulnerability/
  2. https://www.bleepingcomputer.com/news/security/mirai-ddos-malware-variant-expands-targets-with-13-router-exploits/
  3. https://www.recordedfuture.com/vulnerability-database/CVE-2021-36380
  4. https://www.nccgroup.com/us/research-blog/technical-advisory-sunhillo-sureline-unauthenticated-os-command-injection-cve-2021-36380/
CVE-2021-36380 Sunhillo SureLine OS Command Injection Vulnerablity exploitation_technique T1190 Exploit Public-Facing Application
Comments
To trigger this vulnerability, an attacker sends a specially crafted POST request to the webserver at the URL /cgi/networkDiag.cgi . Within this request, the attacker inserts a Linux command as part of the ipAddr or dnsAddr POST parameters. When the webserver processes the POST request, the command the attacker has inserted into the parameter will be executed.
References
  1. https://blog.sonicwall.com/en-us/2023/11/sunhillo-sureline-command-injection-vulnerability/
  2. https://www.bleepingcomputer.com/news/security/mirai-ddos-malware-variant-expands-targets-with-13-router-exploits/
  3. https://www.recordedfuture.com/vulnerability-database/CVE-2021-36380
  4. https://www.nccgroup.com/us/research-blog/technical-advisory-sunhillo-sureline-unauthenticated-os-command-injection-cve-2021-36380/