Cyber Posture

CVE-2021-47745

HighPublic PoC

Published: 31 December 2025

Published
31 December 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0030 53.4th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit the 'fw_url' parameter in the ctm-config-upgrade.sh script to inject and execute arbitrary commands with…

more

root privileges.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly requires input validation mechanisms for the 'fw_url' parameter to block OS command injection in ctm-config-upgrade.sh.

SI-2 Flaw Remediation good match
prevent

Mandates identification, reporting, and correction of the specific command injection flaw via firmware patching.

AC-6 Least Privilege partial match
prevent

Enforces least privilege on the firmware upgrade process to limit damage from injected commands even if validation fails.

Security SummaryAI

CVE-2021-47745 is an authenticated command injection vulnerability in Cypress Solutions CTM-200 version 2.7.1. The flaw exists in the firmware upgrade script, ctm-config-upgrade.sh, where the 'fw_url' parameter fails to properly sanitize input, allowing remote attackers to inject and execute arbitrary shell commands with root privileges. Classified under CWE-78 (OS Command Injection), it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Attackers require low-privilege authenticated access (PR:L) to exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation enables execution of arbitrary commands as root, granting high-impact control over confidentiality, integrity, and availability (C:H/I:H/A:H) without changing the scope (S:U), potentially leading to full system compromise.

Advisories and related resources, including those from Cypress Solutions (https://www.cypress.bc.ca), Exploit-DB (https://www.exploit-db.com/exploits/50408), VulnCheck (https://www.vulncheck.com/advisories/cypress-solutions-ctm-root-remote-os-command-injection-via-firmware-upgrade), and Zero Science Lab (https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5687.php), provide further details on patches and mitigation strategies.

A proof-of-concept exploit is publicly available on Exploit-DB, highlighting the vulnerability's exploitability in real-world scenarios.

Details

CWE(s)
CWE-78

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
attack.mitre.org →
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
attack.mitre.org →
Why these techniques?

Authenticated remote OS command injection in firmware upgrade script enables exploitation of remote services (T1210) to execute arbitrary Unix shell commands (T1059.004) as root, facilitating privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References