CVE-2021-26472 | HackTesting

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges.

Credits

Discovered by Wietse Boonstra

Addional research by Frank Breedijk

References

https://csirt.divd.nl/cases/DIVD-2020-00011/

https://csirt.divd.nl/2021/05/11/Vembu-zero-days/

https://www.wbsec.nl/vembu

https://csirt.divd.nl/cves/CVE-2021-26472/