|
|
|||
| Rule General Information |
|---|
| Release Date: | 2022-03-02 | |
| Rule Name: | Nettmp NNT 5.1 SQL Injection Vulnerability (CVE-2021-45814) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Nettmp NNT provides a ready-made solution for remote management of temperature, humidity, light, and relay controlled sensors. Nettmp NNT version 5.1 has an SQL injection vulnerability, which allows attackers to bypass authentication and access panels using management accounts. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ExploitDB:50627 https://drive.google.com/file/d/1WS_pa2PzLS1EplBu7pjx7hXlyBwCepP9/view https://packetstormsecurity.com/files/165438/Nettmp-NNT-5.1-SQL-Injection.html https://drive.google.com/file/d/1-WiC1RDbcUqNB5sYd2h2n4rcU873s3gM/view |
|
| Solutions |
|---|
| Refer to the announcement or patch by the vendor: https://wiki.nettemp.tk/doku.php |