How severe is CVE-2021-27275?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.3 out of 10.

What type of vulnerability is CVE-2021-27275?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2021-27275

HIGH Year: 2021

CVSS v3 Score

8.3

High

CVSS v2 Score

6.5

Medium

Weakness Type

CWE-22

View all →

Vulnerability Description

This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ConfigFileController class. When parsing the realName parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information or to create a denial-of-service condition on the system. Was ZDI-CAN-12125.

CVE-2021-29492

HIGH

CVSS:8.3(High)

Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path wit...

CWE-222021

CVE-2023-42130

HIGH

CVSS:8.3(High)

A10 Thunder ADC FileMgmtExport Directory Traversal Arbitrary File Read and Deletion Vulnerability. This vulnerability allows remote attackers to read and delete arbitrary files on affected installatio...

CWE-222023

CVE-2023-46496

HIGH

CVSS:8.3(High)

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoi...

CWE-222023

CVE-2024-21677

HIGH

CVSS:8.3(High)

This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attac...

CWE-222024

CVE-2024-23468

HIGH

CVSS:8.3(High)

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file dele...

CWE-222024

CVE-2024-27971

HIGH

CVSS:8.3(High)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion.This issue affects...

CWE-222024

CVE-2021-27275

Vulnerability Description

Related Vulnerabilities

CVE-2021-29492

CVE-2023-42130

CVE-2023-46496

CVE-2024-21677

CVE-2024-23468

CVE-2024-27971