CVE-2021-47772

CriticalPublic PoC

Published: 15 January 2026

Published

15 January 2026

Modified

23 January 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0014 32.8th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

10-Strike Network Inventory Explorer Pro 9.31 contains a buffer overflow vulnerability in the text file import functionality that allows remote code execution. Attackers can craft a malicious text file with carefully constructed payload to trigger a reverse shell and execute…

arbitrary code on the target system.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Information Input Validation directly prevents buffer overflows by enforcing bounds checking and sanitization on text file imports, addressing the core cause of this CVE.

SI-2 Flaw Remediation good match

prevent

Flaw Remediation requires timely patching or removal of vulnerable software like 10-Strike Network Inventory Explorer Pro 9.31 to eliminate the buffer overflow vulnerability.

SI-16 Memory Protection good match

prevent

Memory Protection implements mechanisms like address space layout randomization and data execution prevention to comprehensively mitigate exploitation of buffer overflows leading to RCE.

Security SummaryAI

CVE-2021-47772 is a buffer overflow vulnerability (CWE-787) affecting 10-Strike Network Inventory Explorer Pro version 9.31, specifically in its text file import functionality. This flaw enables remote code execution, as attackers can craft a malicious text file with a carefully constructed payload to trigger a reverse shell and execute arbitrary code on the target system. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and high impacts on confidentiality, integrity, and availability.

Remote attackers require no authentication or privileges to exploit this vulnerability. By delivering a specially crafted text file—potentially via network share, email, or other means accessible to the import function—they can trigger the buffer overflow during processing. Successful exploitation results in arbitrary code execution on the target system, including the establishment of a reverse shell for full remote control.

References include the vendor site at https://www.10-strike.com/ and a public exploit at https://www.exploit-db.com/exploits/50472. No specific patch or mitigation details from advisories are provided in the available information.

Details

CWE(s): CWE-787

Affected Products

10-strike

network inventory explorer

9.31

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

Why these techniques?

Buffer overflow in client application (Network Inventory Explorer Pro) text file import enables unauthenticated remote code execution without user interaction, directly mapping to T1203: Exploitation for Client Execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://www.10-strike.com/
Product · disclosure@vulncheck.com
https://www.exploit-db.com/exploits/50472
Exploit, Third Party Advisory · disclosure@vulncheck.com
https://www.exploit-db.com/exploits/50472
Exploit, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0