CVE-2021-47772
Published: 15 January 2026
Summary
CVE-2021-47772 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in 10-Strike Network Inventory Explorer. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 36.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Information Input Validation directly prevents buffer overflows by enforcing bounds checking and sanitization on text file imports, addressing the core cause of this CVE.
Flaw Remediation requires timely patching or removal of vulnerable software like 10-Strike Network Inventory Explorer Pro 9.31 to eliminate the buffer overflow vulnerability.
Memory Protection implements mechanisms like address space layout randomization and data execution prevention to comprehensively mitigate exploitation of buffer overflows leading to RCE.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in client application (Network Inventory Explorer Pro) text file import enables unauthenticated remote code execution without user interaction, directly mapping to T1203: Exploitation for Client Execution.
NVD Description
10-Strike Network Inventory Explorer Pro 9.31 contains a buffer overflow vulnerability in the text file import functionality that allows remote code execution. Attackers can craft a malicious text file with carefully constructed payload to trigger a reverse shell and execute…
more
arbitrary code on the target system.
Deeper analysisAI
CVE-2021-47772 is a buffer overflow vulnerability (CWE-787) affecting 10-Strike Network Inventory Explorer Pro version 9.31, specifically in its text file import functionality. This flaw enables remote code execution, as attackers can craft a malicious text file with a carefully constructed payload to trigger a reverse shell and execute arbitrary code on the target system. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and high impacts on confidentiality, integrity, and availability.
Remote attackers require no authentication or privileges to exploit this vulnerability. By delivering a specially crafted text file—potentially via network share, email, or other means accessible to the import function—they can trigger the buffer overflow during processing. Successful exploitation results in arbitrary code execution on the target system, including the establishment of a reverse shell for full remote control.
References include the vendor site at https://www.10-strike.com/ and a public exploit at https://www.exploit-db.com/exploits/50472. No specific patch or mitigation details from advisories are provided in the available information.
Details
- CWE(s)