CHT Security Red Team Discovered Vulnerability in a Well-Known Control Library

_Summary

_{Vulnerability List}

_{[CVE-2021-36483] – Insecure Deserialization}

_Details

_{1. Insecure Deserialization}

_Description

There is a vulnerable deserialization function in Reporting control library by default.

_Impact

When server or client side calls a vulnerable function, attackers can craft malicious REPX file to trigger insecure deserialization, resulting in arbitrary code execution. This vulnerability is classified in A8 - Insecure Deserialization of OWASP TOP 10 2017.

_{Known Affected Software}

• Versions 21.1 and prior

_Credits

TsungShu Chiu (CHT Security)