module
pfSense Diag Routes Web Shell Upload
| Disclosed |
|---|
| Feb 23, 2022 |
Disclosed
Feb 23, 2022
Description
This module exploits an arbitrary file creation vulnerability in the pfSense
HTTP interface (CVE-2021-41282). The vulnerability affects versions
and can be exploited by an authenticated user if they have the
"WebCfg - Diagnostics: Routing tables" privilege.
This module uses the vulnerability to create a web shell and execute payloads
with root privileges.
HTTP interface (CVE-2021-41282). The vulnerability affects versions
and can be exploited by an authenticated user if they have the
"WebCfg - Diagnostics: Routing tables" privilege.
This module uses the vulnerability to create a web shell and execute payloads
with root privileges.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.