Rewterz Threat Advisory – CVE-2021-29461 – Discord-Recon Local File Include Vulnerability

Rewterz Threat Advisory – Multiple Node.js Vulnerabilities

April 20, 2021

Rewterz Threat Advisory – CVE-2021-22893 – Pulse Connect Secure RCE Vulnerability

April 21, 2021

Rewterz Threat Advisory – CVE-2021-29461 – Discord-Recon Local File Include Vulnerability

Severity

High

Analysis Summary

CVE-2021-29461

A remote authenticated attacker could send a specially-crafted URL request using the tools arguments to specify a malicious file from the local system, which could allow the attacker to read and write files on the system. In order to exploit this vulnerability to execute arbitrary code using a local file, the attacker would first be required to upload a malicious file or inject arbitrary commands into an existing file. Discord-Recon could allow a remote attacker to include arbitrary files.

Impact

Gain Unauthorized Access

Affected Vendors

Discord

Affected Products

Discord-Recon 0.0.2

Remediation

Upgrade to the latest version of Discord-Recon (0.0.3 or later), available from the discord-recon GIT Repository.

discord-recon GIT Repository

Rewterz Threat Advisory – Multiple Node.js Vulnerabilities

Rewterz Threat Advisory – CVE-2021-22893 – Pulse Connect Secure RCE Vulnerability

Rewterz Threat Advisory – CVE-2021-29461 – Discord-Recon Local File Include Vulnerability

Severity

Analysis Summary

CVE-2021-29461

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan