Security Advisory

CVE-2021-26607 | NEXACRO17 arbitrary command execution vulnerability
2021.10.19
□ Overview
 o tobesoft Co., Ltd. released a security update to address an arbitrary command execution vulnerability in NEXACRO17 (UI/UX OSMU solution).
| Vulnerability Type | Impact | Severity | CVSS Score | CVE ID |
|---|---|---|---|---|
| Improper input validation | arbitrary command execution | High | 8.1 | CVE-2021-26607 |

□ Description
 o Improper input validation in the execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary commands on affected systems. (CVE-2021-26607)

□ Affected Product
| Product | Version | Platform |
|---|---|---|
| NEXACRO17 | 17.1.3.301 | Windows |

□ Solution
 o Update NEXACRO17 to version 17.1.3.600 or higher.

□ Reference
 [1] http://tobesoft.com/product/Nexacro.do?version=

□ Etc
 o Thanks to Jeongun Baek for reporting this vulnerability.


□ Written by: Vulnerability Analysis Team, Incident Analysis Division