CVE-2021-41552
High
Published: 15 February 2022
Published
15 February 2022
Modified
21 November 2024
KEV Added
—
Patch
—
CVSS Score v3.1
8.8
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.0126
79.8th percentile
Risk Priority
18
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2021-41552 is a high-severity Command Injection (CWE-77) vulnerability in Commscope Arris Surfboard Sbg6950Ac2 Firmware. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 20.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-28570
Vulnerability details
CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
commscope
arris surfboard sbg6950ac2 firmware
9.1.103aa23
commscope
arris surfboard sbg7400ac2 firmware
all versions
commscope
arris surfboard sbg7580ac firmware
all versions
commscope
arris surfboard sbg7600ac2 firmware
all versions
commscope
arris surfboard sbg10 firmware
all versions
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.