{"api_version":"1","generated_at":"2026-06-05T08:53:17+00:00","cve":"CVE-2021-4105","urls":{"html":"https://cve.report/CVE-2021-4105","api":"https://cve.report/api/cve/CVE-2021-4105.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-4105","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-4105"},"summary":{"title":"Unauthenticated Remote Code Execution on COSLAT Firewall","description":"Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.\n\nThis issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727.","state":"PUBLISHED","assigner":"TR-CERT","published_at":"2023-02-24 12:15:30","updated_at":"2026-05-18 13:16:31"},"problem_types":["CWE-755","NVD-CWE-Other","CWE-755 CWE-755 Improper Handling of Exceptional Conditions"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"iletisim@usom.gov.tr","type":"Secondary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"http://blog.coslat.com/2021/07/onemli-kritik-guncelleme-2021-07-27.html","name":"http://blog.coslat.com/2021/07/onemli-kritik-guncelleme-2021-07-27.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"ÖNEMLİ: Kritik Güncelleme - 27-07-2021 tarihinde yayınlanan güncelleme içeriği\n        ~ \n        Coslat Firewall Blog","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0108","name":"https://www.usom.gov.tr/bildirim/tr-23-0108","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Ulusal Siber Olaylara Müdahale Merkezi - USOM","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0108","name":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0108","refsource":"iletisim@usom.gov.tr","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-4105","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4105","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"BG-TEK","product":"COSLAT Firewall","version":"affected 5.24.0.r.20180630 5.24.0.r.20210727 custom","platforms":[]}],"timeline":[{"source":"CNA","time":"2021-07-26T21:00:00.000Z","lang":"en","value":"Vendor patched the vulnerability."}],"solutions":[{"source":"CNA","title":"","value":"Update the version to >=\n\n5.24.0.r.20210727","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"4105","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bg-tek","cpe5":"coslat_bx5s1d3","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"4105","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"bg-tek","cpe5":"coslat_bx5s1d3_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"4105","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bg-tek","cpe5":"coslat_bx5s1d4","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"4105","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"bg-tek","cpe5":"coslat_bx5s1d4_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"4105","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bg-tek","cpe5":"coslat_bx5s1d5","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"4105","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"bg-tek","cpe5":"coslat_bx5s1d5_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"4105","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bg-tek","cpe5":"coslat_rm1ds1000","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"4105","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"bg-tek","cpe5":"coslat_rm1ds1000_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"4105","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bg-tek","cpe5":"coslat_rm2ds2000","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"4105","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"bg-tek","cpe5":"coslat_rm2ds2000_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"4105","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bg-tek","cpe5":"coslat_rm2s200","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"4105","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"bg-tek","cpe5":"coslat_rm2s200_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"4105","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bg-tek","cpe5":"coslat_rm3s300","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"4105","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"bg-tek","cpe5":"coslat_rm3s300_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"4105","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bg-tek","cpe5":"coslat_rm4s500","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"4105","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"bg-tek","cpe5":"coslat_rm4s500_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2021","cve_id":"4105","cve":"CVE-2021-4105","epss":"0.007250000","percentile":"0.728010000","score_date":"2026-05-25","updated_at":"2026-05-26 00:10:59"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-03T17:16:04.180Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["vendor-advisory","x_transferred"],"url":"http://blog.coslat.com/2021/07/onemli-kritik-guncelleme-2021-07-27.html"},{"tags":["government-resource","x_transferred"],"url":"https://www.usom.gov.tr/bildirim/tr-23-0108"}],"title":"CVE Program Container"},{"metrics":[{"other":{"content":{"id":"CVE-2021-4105","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-03-11T15:46:22.107439Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-03-11T15:46:27.196Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"COSLAT Firewall","vendor":"BG-TEK","versions":[{"lessThan":"5.24.0.r.20210727","status":"affected","version":"5.24.0.r.20180630","versionType":"custom"}]}],"datePublic":"2023-02-24T11:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.<p>This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727.</p>"}],"value":"Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.\n\nThis issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727."}],"impacts":[{"capecId":"CAPEC-253","descriptions":[{"lang":"en","value":"CAPEC-253 Remote Code Inclusion"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-755","description":"CWE-755 Improper Handling of Exceptional Conditions","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-18T12:08:00.909Z","orgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","shortName":"TR-CERT"},"references":[{"tags":["vendor-advisory"],"url":"http://blog.coslat.com/2021/07/onemli-kritik-guncelleme-2021-07-27.html"},{"tags":["government-resource","broken-link"],"url":"https://www.usom.gov.tr/bildirim/tr-23-0108"},{"tags":["government-resource"],"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0108"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Update the version to &gt;=\n\n5.24.0.r.20210727"}],"value":"Update the version to >=\n\n5.24.0.r.20210727"}],"source":{"advisory":"TR-23-0108","defect":["TR-23-0108"],"discovery":"UNKNOWN"},"timeline":[{"lang":"en","time":"2021-07-26T21:00:00.000Z","value":"Vendor patched the vulnerability."}],"title":"Unauthenticated Remote Code Execution on COSLAT Firewall","x_generator":{"engine":"Vulnogram 0.1.0-dev"}}},"cveMetadata":{"assignerOrgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","assignerShortName":"TR-CERT","cveId":"CVE-2021-4105","datePublished":"2023-02-24T11:09:46.710Z","dateReserved":"2021-12-13T12:15:35.293Z","dateUpdated":"2026-05-18T12:08:00.909Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2023-02-24 12:15:30","lastModifiedDate":"2026-05-18 13:16:31","problem_types":["CWE-755","NVD-CWE-Other","CWE-755 CWE-755 Improper Handling of Exceptional Conditions"],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:bg-tek:coslat_bx5s1d3_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"5.24.0.r.20180630","versionEndExcluding":"5.24.0.r.20210727","matchCriteriaId":"C839CDB1-D5E8-4F19-82C8-CE6629118278"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:bg-tek:coslat_bx5s1d3:-:*:*:*:*:*:*:*","matchCriteriaId":"2850DC15-4B6F-4E79-B028-9FD2CF455078"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:bg-tek:coslat_bx5s1d4_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"5.24.0.r.20180630","versionEndExcluding":"5.24.0.r.20210727","matchCriteriaId":"DDA8A01B-9A69-420A-A128-7E4FA316940D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:bg-tek:coslat_bx5s1d4:-:*:*:*:*:*:*:*","matchCriteriaId":"2F47FA7F-7151-4372-AB77-B5D30A008757"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:bg-tek:coslat_bx5s1d5_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"5.24.0.r.20180630","versionEndExcluding":"5.24.0.r.20210727","matchCriteriaId":"C655BF89-788B-4353-93CB-2D73EE6B0E91"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:bg-tek:coslat_bx5s1d5:-:*:*:*:*:*:*:*","matchCriteriaId":"78099EBC-BFBE-4A6B-A97F-9EAF26E611A7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:bg-tek:coslat_rm1ds1000_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"5.24.0.r.20180630","versionEndExcluding":"5.24.0.r.20210727","matchCriteriaId":"806727A2-456B-4A12-9CD2-354358309892"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:bg-tek:coslat_rm1ds1000:-:*:*:*:*:*:*:*","matchCriteriaId":"BD474143-126B-4097-8B4A-66DF562ACADB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:bg-tek:coslat_rm2ds2000_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"5.24.0.r.20180630","versionEndExcluding":"5.24.0.r.20210727","matchCriteriaId":"2014519C-53FB-4429-B8EB-3E2F13735567"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:bg-tek:coslat_rm2ds2000:-:*:*:*:*:*:*:*","matchCriteriaId":"5566AD59-5CCA-41B1-8B30-3BD70EDEFB9F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:bg-tek:coslat_rm2s200_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"5.24.0.r.20180630","versionEndExcluding":"5.24.0.r.20210727","matchCriteriaId":"41162D57-35D5-42CA-A8BE-833785A3C6D7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:bg-tek:coslat_rm2s200:-:*:*:*:*:*:*:*","matchCriteriaId":"9FD17E3F-7692-45B5-B87A-7B8783413A95"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:bg-tek:coslat_rm3s300_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"5.24.0.r.20180630","versionEndExcluding":"5.24.0.r.20210727","matchCriteriaId":"FD855956-B215-4104-86C8-9E5768F48B53"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:bg-tek:coslat_rm3s300:-:*:*:*:*:*:*:*","matchCriteriaId":"6987EFB5-6CBB-423D-A660-7EBAB2BE0E24"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:bg-tek:coslat_rm4s500_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"5.24.0.r.20180630","versionEndExcluding":"5.24.0.r.20210727","matchCriteriaId":"CB92D173-E495-443B-915B-D5060A80BB47"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:bg-tek:coslat_rm4s500:-:*:*:*:*:*:*:*","matchCriteriaId":"9EA26FE5-27A7-48D5-83A2-F972F0EC9975"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"4105","Ordinal":"1","Title":"Unauthenticated Remote Code Execution on COSLAT Firewall","CVE":"CVE-2021-4105","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"4105","Ordinal":"1","NoteData":"Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.\n\nThis issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727.","Type":"Description","Title":"Unauthenticated Remote Code Execution on COSLAT Firewall"}]}}}