CVEs-PoC/2021/CVE-2021-40222.md

### [CVE-2021-40222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40222)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Rittal CMC PU III Web management Version affected: V3.11.00_2. Version fixed: V3.17.10 is affected by a remote code execution vulnerablity. It is possible to introduce shell code to create a reverse shell in the PU-Hostname field of the TCP/IP Configuration dialog. Web application fails to sanitize user input on Network TCP/IP configuration page. This allows the attacker to inject commands as root on the device which will be executed once the data is received.

### POC

#### Reference
- https://github.com/asang17/CVE-2021-RCE

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Live-Hack-CVE/CVE-2021-4022
- https://github.com/asang17/CVE-2021-40222