CVE-2021-44793

8.6 HIGH
Published: January 27, 2022 Modified: May 18, 2026
View on NVD

Description

Single Connect does not perform an authorization check when using the sc-reports-ui" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information including the database credentials. Since the database runs with high privileges it is possible to execute commands with the attained credentials.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://www.usom.gov.tr/bildirim/tr-22-0093
Source: iletisim@usom.gov.tr
Third Party Advisory
https://www.usom.gov.tr/bildirim/tr-22-0093
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

3 reference(s) from NVD

Quick Stats

CVSS v3 Score
8.6 / 10.0
EPSS (Exploit Probability)
1.4%
68th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

krontech