How severe is CVE-2021-27250?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2021-27250?

This is classified as CWE-73, which is a common weakness in software security.

CVE-2021-27250

MEDIUM Year: 2021

CVSS v3 Score

6.5

Medium

CVSS v2 Score

3.3

Low

Weakness Type

CWE-73

View all →

Vulnerability Description

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the errorpage request parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11856.

CVE-2020-2003

MEDIUM

CVSS:6.5(Medium)

An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causin...

CWE-732020

CVE-2022-0593

MEDIUM

CVSS:6.5(Medium)

The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated use...

CWE-732022

CVE-2022-20789

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an...

CWE-732022

CVE-2022-23536

MEDIUM

CVSS:6.5(Medium)

Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read lo...

CWE-732022

CVE-2022-2638

MEDIUM

CVSS:6.5(Medium)

The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete...

CWE-732022

CVE-2022-28710

MEDIUM

CVSS:6.5(Medium)

An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An a...

CWE-732022

CVE-2021-27250

Vulnerability Description

Related Vulnerabilities

CVE-2020-2003

CVE-2022-0593

CVE-2022-20789

CVE-2022-23536

CVE-2022-2638

CVE-2022-28710