CVE-2021-47745
Unknown Unknown - Not Provided
Authenticated Command Injection in Cypress CTM-200 Firmware Upgrade

Publication date: 2025-12-31

Last updated on: 2025-12-31

Assigner: VulnCheck

Description
Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit the 'fw_url' parameter in the ctm-config-upgrade.sh script to inject and execute arbitrary commands with root privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-31
Last Modified
2025-12-31
Generated
2026-06-16
AI Q&A
2025-12-31
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47745
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
cypress_solutions ctm-200 2.0.5.3356-184
cypress_solutions ctm-200 2.7.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47745 is an authenticated command injection vulnerability in the Cypress Solutions CTM-200 firmware upgrade process. Specifically, the vulnerability exists in the 'ctm-config-upgrade.sh' script, where the 'fw_url' parameter is not properly sanitized. An attacker with valid credentials can inject arbitrary shell commands via this parameter, which are then executed with root privileges on the device. This allows the attacker to run any command on the system remotely, leading to a full compromise of the device. [1, 2, 3]

Impact Analysis

This vulnerability allows an authenticated remote attacker to execute arbitrary commands as the root user on the affected device. This can lead to full system compromise, unauthorized access to sensitive data, disruption of device functionality, and potential use of the device as a foothold for further attacks within a network. Since the device is often used in industrial or SCADA communication environments, exploitation could impact critical infrastructure or mobile fleet operations. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by attempting to exploit the authenticated command injection in the firmware upgrade script. Specifically, sending a multipart/form-data POST request to the endpoint `/cgi-bin/webif/ctm-config-upgrade.sh` with the `fw_url` parameter set to a command such as `id` can confirm the vulnerability if the response shows output like `gid=0(root)/uid=0(root)`. This indicates that arbitrary commands are executed with root privileges. Detection involves verifying if the device responds to such crafted requests, which require valid authentication. Example command (using curl) to test the vulnerability: `curl -k -u <username>:<password> -X POST -F 'install_fw_url=1' -F 'fw_url=id' https://<target-ip>/cgi-bin/webif/ctm-config-upgrade.sh` and check if the response contains root user information. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable firmware upgrade interface to trusted administrators only, ensuring strong authentication credentials are used, and monitoring for any unauthorized attempts to access the `/cgi-bin/webif/ctm-config-upgrade.sh` script. Since the vulnerability requires authentication, limiting user privileges and network exposure reduces risk. Additionally, applying any available firmware updates or patches from Cypress Solutions that address this issue is critical. If no patch is available, consider disabling the firmware upgrade functionality remotely or isolating the device from untrusted networks until a fix is applied. [1, 2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47745. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart