CVE-2021-31314

9.8 CRITICAL

📋 TL;DR

This vulnerability in the ejinshan v8+ terminal security system allows an attacker to upload arbitrary files to arbitrary locations on the server because the web management interface does not adequately validate what is uploaded (file type, file name, or destination path). The affected component is the management console of an endpoint-protection product, so a successful upload (for example a web shell written into a web-served directory) yields remote code execution on the management server and a foothold against the endpoints it manages.

💻 Affected Systems

Products:
  • ejinshan terminal security system
Versions: v8 and later (no fixed version is identified in the available references)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web management interface component of the security system.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise leading to ransomware deployment, data exfiltration, or establishment of persistent backdoors across the network.

🟠

Likely Case

Web shell upload leading to lateral movement, credential theft, and installation of additional malware on affected systems.

🟢

If Mitigated

Upload attempts with unsafe names, types, or paths are rejected and logged, preventing successful exploitation while the console keeps working.

🌐 Internet-Facing: HIGH - If the web management interface is reachable from the internet, attackers can exploit it directly without any prior access to the network.
🏢 Internal Only: HIGH - Even when reachable only internally, an attacker with a foothold on the network can use the bug to execute code on the server that manages every protected endpoint, which is an ideal base for lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: No (unconfirmed; see note)
Complexity: LOW

This page records the vulnerability as requiring authentication to the web management interface, after which it is straightforward to exploit. Note the inconsistency with the 9.8 CRITICAL score above: a CVSS v3.x base score of 9.8 corresponds to a vector with no privileges required (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), so treat the authentication requirement as unverified and assume an exposed interface is exploitable by anyone who can reach it until the vendor states otherwise.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Specific version not publicly documented in references

Vendor Advisory: Not provided in references

Restart Required: Yes

Instructions:

  1. Contact the ejinshan vendor for the latest security patches for the v8+ terminal security system.
  2. Apply the patch to every affected management server.
  3. Restart the security service or the system.
  4. Verify the patch is applied: confirm the version with the vendor and repeat the benign upload test described under How to Verify.

🔧 Temporary Workarounds

Restrict File Upload Types (applies to: all affected versions)

Configure the web application to accept only an explicit allowlist of safe file types, validate the extension server-side (case-insensitively, after stripping trailing dots and spaces), discard any client-supplied directory component, and write uploads only into a dedicated directory that the web server does not execute from. Prefer an allowlist: a denylist of dangerous extensions is bypassed by alternates such as .jspx or .phtml.
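As an added illustration of the server-side check just described (example code written for this page, not code from the ejinshan product, whose upload handler is not public), the following Python shows the unsafe pattern behind an arbitrary-location upload beside a hardened version. The upload root, the extension allowlist, and the server-generated `token` naming scheme are assumptions.

```python
"""Server-side upload validation: unsafe pattern beside a hardened one.

Added example for this page; not ejinshan code. UPLOAD_ROOT, ALLOWED_EXT and
the random-token naming scheme are assumptions, not product behaviour.
"""
import os
import posixpath
import re
import uuid
from typing import Optional

UPLOAD_ROOT = "/srv/app/uploads"                  # assumed directory the web server does not execute from
ALLOWED_EXT = {".png", ".jpg", ".pdf", ".txt"}    # allowlist; never a denylist
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,100}$")


class UploadRejected(ValueError):
    """Raised when a client-supplied filename fails validation."""


def unsafe_target(filename: str) -> str:
    """The bug class this CVE belongs to: the client-supplied name is joined
    to the upload root as-is, so '../../webroot/cmd.jsp' escapes the root
    and keeps its script extension."""
    return os.path.join(UPLOAD_ROOT, filename)


def safe_target(filename: str, token: Optional[str] = None) -> str:
    """Return a destination path confined to UPLOAD_ROOT, or raise.

    The stored name is a server-generated token plus an allowlisted
    extension, so no part of the client-supplied name reaches the disk.
    """
    # 1. Keep only the last path component; drop any directory the client sent
    #    (handles both '/' and Windows '\\' separators).
    base = posixpath.basename(filename.replace("\\", "/"))
    if base in ("", ".", "..") or not _SAFE_NAME.match(base):
        raise UploadRejected(f"unsafe filename {filename!r}")

    # 2. Extension allowlist. Strip trailing dots/spaces first: Windows drops
    #    them silently, so 'cmd.jsp.' would otherwise be stored as 'cmd.jsp'.
    _, ext = os.path.splitext(base.rstrip(". "))
    ext = ext.lower()
    if ext not in ALLOWED_EXT:
        raise UploadRejected(f"extension {ext!r} not allowed")

    # 3. Server-chosen name, then a realpath containment check as defence in depth.
    token = token or uuid.uuid4().hex
    dest = os.path.realpath(os.path.join(UPLOAD_ROOT, token + ext))
    root = os.path.realpath(UPLOAD_ROOT)
    if os.path.commonpath([root, dest]) != root:
        raise UploadRejected("destination escaped the upload root")
    return dest


def accepts(filename: str) -> bool:
    """True if safe_target() would accept the name (used by the demo and tests)."""
    try:
        safe_target(filename, token="probe")
    except UploadRejected:
        return False
    return True


if __name__ == "__main__":
    # Constructed filenames a normal user or an attacker might submit.
    for name in ["report.pdf", "../../webroot/cmd.jsp", "cmd.jsp.", "..\\cover.PNG", ".htaccess"]:
        print(f"{name!r:28} unsafe -> {unsafe_target(name)}")
        try:
            print(f"{'':28} safe   -> {safe_target(name)}")
        except UploadRejected as exc:
            print(f"{'':28} safe   -> rejected ({exc})")
```

The point of step 3 is that the realpath check is a backstop, not the primary control: by the time it runs, the client name has already been reduced to an extension, so the only way a path can escape is a bug in the server's own naming.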

Implement Web Application Firewall Rules (applies to: all affected versions)

Deploy WAF rules on the upload endpoint that block multipart filenames containing traversal sequences (../ or ..\), absolute paths, or executable and script extensions. Treat this as a stop-gap only: a WAF cannot see the server-side destination path, so it does not replace the server-side check.

🧯 If You Can't Patch

  • Restrict access to the web management interface to administrator networks (VPN or jump host) and never expose it to the internet
  • Isolate affected systems from critical network segments and internet access
  • Implement strict network segmentation and monitor the management server for unusual file upload activity and for new script files in web-served directories

🔍 How to Verify

Check if Vulnerable:

In a test environment or an agreed maintenance window, authenticate to the web management interface and submit a harmless text file under names that exercise both weaknesses: a dangerous extension (e.g. probe.jsp, probe.php, probe.aspx) and a traversal sequence in the filename (e.g. ../probe.txt). If the file lands outside the intended upload directory, or keeps a script extension inside a web-served path, the instance is vulnerable. Do not upload a working web shell to a production system.

Check Version:

Check the software version through the web interface or system documentation. Because no fixed version number is published in the available references, confirm patch status with the vendor rather than relying on the version string alone.

Verify Fix Applied:

Repeat the benign upload test after patching: the request should be rejected (or the file renamed and confined to the upload directory), and the attempt should appear in the server logs.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to non-standard directories
  • Traversal sequences (../ or ..\) or absolute paths in the filename parameter of upload requests
  • Multiple failed upload attempts from one account or source address
  • Uploads of executable or script file types (.jsp, .jspx, .php, .aspx, .exe)
  • New script files appearing in web-served directories of the management server

Network Indicators:

  • HTTP POST requests with multipart file uploads to the upload endpoint of the management interface
  • Subsequent requests to a newly created script path (a web shell), often carrying command-like query parameters

SIEM Query:

source="web_logs" AND method="POST" AND uri CONTAINS "/upload" AND file_extension IN ("jsp", "jspx", "php", "aspx", "exe")

Both request conditions must hold (a POST to the upload URI); matching on the method alone would flag every POST. The file_extension field assumes the multipart filename has been parsed from the request. If only access logs are available, query instead for GET requests to paths ending in one of those extensions that were not seen before the suspected upload.
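To show the query's logic applied to concrete records, here is an added Python example (written for this page; the ejinshan console's real log format is not public, so the line format, the upload endpoint, the baseline of legitimate script paths, and every sample line below are constructed assumptions). It parses the lines, flags upload requests whose filename carries a traversal sequence or a script extension, and separately flags GET requests to script paths outside the baseline, which is the follow-on web-shell access the Network Indicators describe.

```python
"""Detection over application log lines for upload abuse (added example).

The log format and sample lines are constructed for this page; adapt LINE_RE,
UPLOAD_PREFIXES and KNOWN_SCRIPTS to the fields your server actually emits.
"""
import re
from typing import Dict, List, Optional

# Constructed sample. Format assumed: ts method uri status filename=<client-supplied name>
SAMPLE_LOG = """\
2021-05-01T10:00:01Z POST /console/upload 200 filename=report.pdf
2021-05-01T10:00:05Z POST /console/upload 200 filename=../../webapps/ROOT/cmd.jsp
2021-05-01T10:00:09Z GET /cmd.jsp?cmd=whoami 200 filename=-
2021-05-01T10:01:00Z POST /console/login 302 filename=-
2021-05-01T10:02:00Z POST /console/upload 200 filename=avatar.PNG
2021-05-01T10:02:30Z POST /console/upload 403 filename=shell.aspx
2021-05-01T10:03:00Z malformed line that the parser must skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<method>[A-Z]+) (?P<uri>\S+) (?P<status>\d{3}) filename=(?P<fname>\S+)$"
)
UPLOAD_PREFIXES = ("/console/upload",)        # assumed upload endpoint(s)
SCRIPT_EXT = {"jsp", "jspx", "php", "phtml", "asp", "aspx", "exe", "dll", "war"}
KNOWN_SCRIPTS = {"/console/index.jsp"}        # constructed baseline of legitimate script paths


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one line, or None if it does not fit the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def extension(name: str) -> str:
    """Last extension, lower-cased, ignoring trailing dots/spaces ('cmd.jsp.' -> 'jsp')."""
    name = name.rstrip(". ")
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def upload_findings(rec: Dict[str, str]) -> List[str]:
    """Indicators on an upload request itself; fires on blocked (403) attempts too."""
    if rec["method"] != "POST" or not rec["uri"].startswith(UPLOAD_PREFIXES):
        return []
    fname = rec["fname"]
    findings: List[str] = []
    parts = fname.replace("\\", "/").split("/")
    if ".." in parts or fname.startswith(("/", "\\")) or re.match(r"^[A-Za-z]:", fname):
        findings.append("traversal or absolute path in filename")
    ext = extension(fname)
    if ext in SCRIPT_EXT:
        findings.append(f"dangerous extension .{ext}")
    return findings


def access_findings(rec: Dict[str, str]) -> List[str]:
    """Follow-on indicator: a GET to a script path that is not in the baseline."""
    path = rec["uri"].split("?", 1)[0]
    if rec["method"] == "GET" and extension(path) in SCRIPT_EXT and path not in KNOWN_SCRIPTS:
        return [f"request to script not in baseline: {path}"]
    return []


def scan(log_text: str) -> List[Dict[str, object]]:
    """Run both rule sets over every parseable line; return only lines with findings."""
    events: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = upload_findings(rec) + access_findings(rec)
        if reasons:
            events.append({"ts": rec["ts"], "uri": rec["uri"],
                           "status": rec["status"], "reasons": reasons})
    return events


if __name__ == "__main__":
    for ev in scan(SAMPLE_LOG):
        print(ev["ts"], ev["status"], ev["uri"], "; ".join(ev["reasons"]))
```

Note that the blocked 403 attempt is still reported: repeated rejected uploads of script files are themselves an indicator of someone probing the endpoint, and the 200 on the earlier traversal upload followed by a GET to /cmd.jsp is the sequence worth alerting on.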
