Cyber Resilience

CVE-2021-47772

HighPublic PoC

Published: 15 January 2026

Published
15 January 2026
Modified
23 January 2026
KEV Added
Patch
CVSS Score v4 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0065 46.3th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2021-47772 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in 10-Strike Network Inventory Explorer. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 46.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2021-47772 is a buffer overflow vulnerability (CWE-787) affecting 10-Strike Network Inventory Explorer Pro version 9.31, specifically in its text file import functionality. This flaw enables remote code execution, as attackers can craft a malicious text file with a carefully constructed payload to trigger a reverse shell and execute arbitrary code on the target system. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and high impacts on confidentiality, integrity, and availability.

Remote attackers require no authentication or privileges to exploit this vulnerability. By delivering a specially crafted text file—potentially via network share, email, or other means accessible to the import function—they can trigger the buffer overflow during processing. Successful exploitation results in arbitrary code execution on the target system, including the establishment of a reverse shell for full remote control.

References include the vendor site at https://www.10-strike.com/ and a public exploit at https://www.exploit-db.com/exploits/50472. No specific patch or mitigation details from advisories are provided in the available information.

EU & UK References

Vulnerability details

10-Strike Network Inventory Explorer Pro 9.31 contains a buffer overflow vulnerability in the text file import functionality that allows remote code execution. Attackers can craft a malicious text file with carefully constructed payload to trigger a reverse shell and execute…

more

arbitrary code on the target system.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Buffer overflow in client application (Network Inventory Explorer Pro) text file import enables unauthenticated remote code execution without user interaction, directly mapping to T1203: Exploitation for Client Execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2021-47767Same product: 10-Strike Network Inventory Explorer
CVE-2019-25705Shared CWE-787
CVE-2019-25633Shared CWE-787
CVE-2026-0538Shared CWE-787
CVE-2016-20046Shared CWE-787
CVE-2019-25628Shared CWE-787
CVE-2019-25695Shared CWE-787
CVE-2018-25218Shared CWE-787
CVE-2026-42484Shared CWE-787
CVE-2019-25612Shared CWE-787

Affected Assets

10-strike
network inventory explorer
9.31

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Information Input Validation directly prevents buffer overflows by enforcing bounds checking and sanitization on text file imports, addressing the core cause of this CVE.

prevent

Flaw Remediation requires timely patching or removal of vulnerable software like 10-Strike Network Inventory Explorer Pro 9.31 to eliminate the buffer overflow vulnerability.

prevent

Memory Protection implements mechanisms like address space layout randomization and data execution prevention to comprehensively mitigate exploitation of buffer overflows leading to RCE.

References