CVE-2021-47747
Published: 31 December 2025
Summary
CVE-2021-47747 is a high-severity OS Command Injection (CWE-78) vulnerability in Zeroscience (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked in the top 37.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation and sanitization of 'COMMANDx' and 'LIVECOMMANDx' POST parameters to directly prevent OS command injection in the vulnerable admin scripts.
Mandates timely remediation of the known flaw in meterN 1.2.3 through patching, input sanitization, or script removal to eliminate the RCE vulnerability.
Enforces least privilege on web application processes handling admin scripts, limiting the impact of successful command injection to below administrative privileges.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Authenticated OS command injection enables arbitrary Unix shell command execution (T1059.004) with admin privileges via remote web service exploitation (T1210), facilitating privilege escalation (T1068).
NVD Description
meterN 1.2.3 contains an authenticated remote code execution vulnerability in admin_meter2.php and admin_indicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters to execute arbitrary system commands with administrative privileges.
Deeper analysisAI
CVE-2021-47747 is an authenticated remote code execution vulnerability affecting meterN version 1.2.3, a software component likely related to monitoring or metering functions based on its archived project site. The flaw resides in the admin_meter2.php and admin_indicator2.php scripts, where the 'COMMANDx' and 'LIVECOMMANDx' POST parameters fail to properly sanitize input, enabling OS command injection as described by CWE-78. This issue carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete system compromise.
An attacker with low-privilege authenticated access (PR:L) can exploit this vulnerability over the network (AV:N) with low complexity and no user interaction required. By sending crafted POST requests to the vulnerable scripts with malicious commands in the specified parameters, the attacker achieves remote code execution with administrative privileges on the host system, potentially leading to full control including data exfiltration, persistence, or lateral movement.
Advisories from Vulncheck, ZeroScience (ZSL-2021-5690), and Exploit-DB detail the vulnerability, with the latter providing a public proof-of-concept exploit (EDB-ID 50596). The original meterN project page is archived, and no specific patches or mitigations are outlined in the core CVE details, though practitioners should review these references for remediation guidance such as input validation or script removal.
The availability of a public exploit on Exploit-DB highlights the risk of real-world exploitation against unpatched meterN 1.2.3 deployments.
Details
- CWE(s)