Vulnerability Database

319,703

Total vulnerabilities in the database

CVE-2021-26724

OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.

Published: Feb 22, 2021
Updated: Nov 16, 2025
CVE: CVE-2021-26724
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
nozominetworks / guardian	20.0.0.0	20.0.7.4
nozominetworks / guardian	19.0.0	19.0.12
nozominetworks / central_management_control	19.0.0	19.0.12.x
nozominetworks / central_management_control	20.0.0.0	20.0.7.4

https://security.nozominetworks.com/NN-2021:1-01

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo