CVE-2021-47795
BaseFortify
Publication date: 2026-01-16
Last updated on: 2026-01-16
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| geovision | geowebserver | to 5.3.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not explicitly discuss how CVE-2021-47795 affects compliance with common standards and regulations such as GDPR or HIPAA. However, given that the vulnerability allows unauthorized access to system files and remote code execution, it could potentially lead to data breaches or unauthorized data access, which may impact compliance with data protection regulations. GeoVision maintains comprehensive cybersecurity policies and follows recognized security standards, aiming to promptly address vulnerabilities to protect users. Still, no direct statement about regulatory compliance impact is provided. [1, 2, 3]
Can you explain this vulnerability to me?
CVE-2021-47795 is a high-severity vulnerability in GeoVision GeoWebServer version 5.3.3 and earlier. It involves multiple security issues including Local File Inclusion (LFI), Cross-Site Scripting (XSS), and Remote Code Execution (RCE) due to improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access arbitrary system files and execute malicious scripts. This allows attackers to inject malicious code, steal sessions, and access sensitive files remotely without authentication. [2, 3]
How can this vulnerability impact me?
This vulnerability can have serious impacts including unauthorized access to sensitive system files, execution of malicious scripts remotely, and theft of user sessions. Attackers can exploit these flaws to compromise the confidentiality of the system, potentially leading to data breaches, unauthorized control over the affected device, and further exploitation through chained attacks such as Host Header Poisoning and Cross-Site Request Forgery (CSRF). The vulnerability is remotely exploitable without authentication and requires low attack complexity, making it a significant risk to affected users. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted HTTP requests to the vulnerable endpoint `/Visitor/bin/WebStrings.srf` with manipulated parameters such as `file` and `obj_name` to test for Local File Inclusion (LFI). For example, using curl commands to attempt to access sensitive files like `windows/win.ini` can help detect exploitation attempts. Example command: `curl -v "http://<target-ip>/Visitor/bin/WebStrings.srf?file=../../../../windows/win.ini&obj_name=anything"`. Monitoring for unusual requests with encoded traversal sequences such as `%252e%252e%252f` can also indicate exploitation attempts. Additionally, inspecting logs for suspicious GET or POST requests to this endpoint with path traversal patterns can help detect the vulnerability. [3]
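As an added detection example (not code from BaseFortify, GeoVision or the cited resources), the Python below scans constructed web-server access-log lines for requests to `/Visitor/bin/WebStrings.srf` whose query string carries a path-traversal sequence, percent-decoding repeatedly so that double-encoded `%252e%252e%252f` is recognised as `../`; the Common Log Format layout and the sample lines are assumptions.

```python
import re
from urllib.parse import unquote

# Endpoint named in the advisory; matched case-insensitively below.
ENDPOINT = "/Visitor/bin/WebStrings.srf"
TRAVERSAL = re.compile(r"\.\.[/\\]")

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [16/Jan/2026:10:00:01 +0000] "GET /Visitor/bin/WebStrings.srf?file=strings.ini&obj_name=login HTTP/1.1" 200 512
10.0.0.9 - - [16/Jan/2026:10:00:07 +0000] "GET /Visitor/bin/WebStrings.srf?file=../../../../windows/win.ini&obj_name=x HTTP/1.1" 200 92
10.0.0.9 - - [16/Jan/2026:10:00:09 +0000] "GET /Visitor/bin/WebStrings.srf?file=%252e%252e%252f%252e%252e%252fwindows%252fwin.ini&obj_name=x HTTP/1.1" 200 92
10.0.0.12 - - [16/Jan/2026:10:00:15 +0000] "GET /index.html HTTP/1.1" 200 1024
10.0.0.13 - - [16/Jan/2026:10:00:20 +0000] "POST /Visitor/bin/WebStrings.srf HTTP/1.1" 200 40
"""

# client ip, ident, user, [timestamp], "METHOD target protocol", status
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so %252e%252e%252f becomes ../ (bounded to avoid loops)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_hits(log_text):
    """Return one record per request to the WebStrings.srf endpoint whose query decodes to a traversal."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        path, _, query = m["target"].partition("?")
        if path.lower() != ENDPOINT.lower():
            continue
        decoded = fully_decode(query)
        if TRAVERSAL.search(decoded):
            hits.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"],
                         "status": int(m["status"]), "decoded_query": decoded})
    return hits


if __name__ == "__main__":
    for hit in find_traversal_hits(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['method']} status={hit['status']} query={hit['decoded_query']}")
```

A 200 status on such a request is the signal worth escalating, since a properly patched server should refuse to serve the traversed path.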
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying any available patches or updates from GeoVision for GeoWebServer 5.3.3 or later versions. However, note that the released patch has been reported as ineffective, so additional measures such as restricting access to the vulnerable endpoint via network controls (e.g., firewall rules), disabling or isolating the GeoWebServer service from untrusted networks, and monitoring for exploitation attempts are recommended. GeoVision follows a vulnerability management process and provides updates and advisories; users should stay informed through official channels and apply security best practices to limit exposure until a fully effective fix is available. [1, 2, 3]