Ericsson Network Location MPS - Restrictions Bypass RCE (Meow Variant) - exploit.company

vendor:

Network Location MPS

by:

AkkuS

7.5

CVSS

HIGH

Arbitrary Command Execution

Command Injection

CWE

Product Name: Network Location MPS

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE: CVE-2021-

CPE: a:ericsson:network_location

Metasploit: https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2021-46174/, https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2021-32292/, https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-2-cve-2021-40211/, https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-2-cve-2021-29390/, https://www.rapid7.com/db/vulnerabilities/debian-cve-2021-32292/, https://www.rapid7.com/db/vulnerabilities/xnsoft-xnview-cve-2021-28835/, https://www.rapid7.com/db/vulnerabilities/xnsoft-xnview-cve-2021-28427/, https://www.rapid7.com/db/vulnerabilities/debian-cve-2021-25786/, https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-2-cve-2021-28025/, https://www.rapid7.com/db/vulnerabilities/ffmpeg-cve-2021-28429/, https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2021-3838/, https://www.rapid7.com/db/vulnerabilities/debian-cve-2021-4317/, https://www.rapid7.com/db/vulnerabilities/debian-cve-2021-4316/, https://www.rapid7.com/db/vulnerabilities/google-chrome-cve-2021-4320/, https://www.rapid7.com/db/vulnerabilities/debian-cve-2021-4319/, https://www.rapid7.com/db/vulnerabilities/google-chrome-cve-2021-4324/, https://www.rapid7.com/db/vulnerabilities/debian-cve-2021-4320/, https://www.rapid7.com/db/vulnerabilities/google-chrome-cve-2021-4322/, https://www.rapid7.com/db/vulnerabilities/google-chrome-cve-2021-4323/, https://www.rapid7.com/db/vulnerabilities/debian-cve-2021-4321/, https://www.rapid7.com/db/?q=CVE-2021-&type=&page=2, https://www.rapid7.com/db/?q=CVE-2021-&type=&page=3, https://www.rapid7.com/db/?q=CVE-2021-&type=&page=4, https://www.rapid7.com/db/?q=CVE-2021-&type=&page=2

Other Scripts:

Platforms Tested:

2021

Ericsson Network Location MPS – Restrictions Bypass RCE (Meow Variant)

This module exploits an arbitrary command execution vulnerability in Ericsson Network Location Mobile Positioning Systems. The 'export' feature in various parts of the application is vulnerable. It allows command injection with preventions bypass operation.

Mitigation:

No official patch available. Implement strict input validation and sanitization.

Source

Exploit-DB raw data: