CVE-2021-21805: 
Advantech R-SeeNet vulnerability analysis and mitigation

An OS Command Injection vulnerability (CVE-2021-21805) was discovered in Advantech R-SeeNet version 2.4.12 (20.10.2020). The vulnerability exists in the ping.php script functionality of the software's web applications. R-SeeNet is a monitoring system used for Advantech routers that collects information from network routers and stores it in a SQL database (Talos Report).

The vulnerability is present in the ping.php script where the hostname parameter from HTTP requests is processed without proper sanitization. The script accepts the hostname parameter via HTTP request and is accessible without any authorization. The parameter is directly used in a popen function without sanitization, making it vulnerable to OS Command Injection. The vulnerability has received a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating high severity across confidentiality, integrity, and availability impacts (NVD, Talos Report).

A successful exploitation of this vulnerability could allow an attacker to execute arbitrary OS commands on the affected system. The attack can be triggered by sending a specially crafted HTTP request to the target system, potentially leading to complete system compromise (Talos Report).

Talos disclosed this vulnerability after the 90-day deadline passed without an official update from Advantech. Users are encouraged to update the affected products as soon as possible. Additionally, Snort rules 57290-57293, 57305-57309, 57338, and 57339 can detect exploitation attempts against this vulnerability (Talos Blog).