CVE-2021-34182

9.8 CRITICAL

📋 TL;DR

CVE-2021-34182 is a critical vulnerability in ttyd v1.6.3 that allows attackers to execute arbitrary code due to insecure default configuration permissions. This affects systems running ttyd with default settings, potentially giving attackers full control over affected systems. The vulnerability is particularly dangerous because it requires minimal attacker interaction.

💻 Affected Systems

Products:
  • ttyd
Versions: Version 1.6.3 specifically
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using default configuration; custom configurations with proper permissions may not be vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with root-level access, allowing attackers to install malware, exfiltrate data, pivot to other systems, or establish persistent backdoors.

🟠 Likely Case: Remote code execution leading to unauthorized system access, data theft, and potential lateral movement within the network.

🟢 If Mitigated: Limited impact with proper network segmentation and access controls, potentially preventing exploitation or containing damage.

🌐 Internet-Facing: HIGH - Default configuration allows remote exploitation without authentication, making internet-facing instances immediate targets.
🏢 Internal Only: HIGH - Even internal instances are vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward due to default insecure permissions; public discussions and proof-of-concepts exist in GitHub issues.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.6.4 and later

Vendor Advisory: https://github.com/tsl0922/ttyd/issues/692

Restart Required: Yes

Instructions:

1. Stop the ttyd service.
2. Update to ttyd v1.6.4 or later using your package manager or by compiling from source.
3. Restart the ttyd service.
4. Verify that the new version is running.

🔧 Temporary Workarounds

Change default permissions (linux)

Start ttyd with authentication enabled instead of relying on the default unauthenticated settings:

ttyd --credential username:password --port 8080 --client-option disableResizeOverlay=true

Network isolation (linux)

Restrict network access to the ttyd port with firewall rules so that only a trusted source address is allowed (replace trusted_ip with that address):

iptables -A INPUT -p tcp --dport 8080 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j DROP

🧯 If You Can't Patch

  • Immediately disable ttyd service on all affected systems
  • Implement strict network access controls to limit exposure to trusted IPs only

🔍 How to Verify

Check if Vulnerable:

Run 'ttyd --version'; output showing 1.6.3 indicates the affected release. Also check whether the instance is running with the default (unauthenticated) configuration.

Check Version:

ttyd --version

Verify Fix Applied:

Verify that the version is 1.6.4 or later with 'ttyd --version', and confirm the configuration uses secure settings such as authentication.
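The two checks above (version at or above the fixed release, and whether a live instance relies on the default unauthenticated settings) combined into one script. This is an added example, not part of this advisory or of ttyd itself; it assumes that 'ttyd --version' prints a dotted version somewhere in its output, that credential auth is enabled by '--credential' (or its short form '-c'), and that running instances can be found by scanning /proc on Linux.

```python
"""Assess a host against CVE-2021-34182 (ttyd < 1.6.4 with default settings).
Hypothetical helper, not ttyd's own code; flag names follow the advisory."""
import re
import shutil
import subprocess
from pathlib import Path

FIXED_VERSION = (1, 6, 4)            # first fixed release named in the advisory
AUTH_FLAGS = ("-c", "--credential")  # ttyd basic-auth option (short form assumed)


def parse_version(text):
    """Extract the first dotted x.y.z version from 'ttyd --version' output (assumed format)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(x) for x in m.groups()) if m else None


def version_vulnerable(text):
    """True when the reported version is older than the fixed release."""
    v = parse_version(text)
    return v is not None and v < FIXED_VERSION


def has_auth(argv):
    """True if the command line enables credential auth (-c user:pass or --credential=user:pass)."""
    return any(a in AUTH_FLAGS or a.startswith("--credential=") for a in argv)


def assess(version_text, argv):
    """Return 'patched', 'mitigated' (old build but authenticated) or 'vulnerable'."""
    if not version_vulnerable(version_text):
        return "patched"
    return "mitigated" if has_auth(argv) else "vulnerable"


def running_ttyd_argvs():
    """Collect argv of live ttyd processes by reading /proc/<pid>/cmdline (Linux only)."""
    found = []
    for p in Path("/proc").glob("[0-9]*/cmdline"):
        try:
            parts = [a.decode(errors="replace") for a in p.read_bytes().split(b"\0") if a]
        except OSError:
            continue  # process exited or is not readable by this user
        if parts and Path(parts[0]).name == "ttyd":
            found.append(parts)
    return found


if __name__ == "__main__":
    if shutil.which("ttyd") is None:
        raise SystemExit("ttyd not found in PATH")
    out = subprocess.run(["ttyd", "--version"], capture_output=True, text=True)
    text = out.stdout + out.stderr
    for argv in running_ttyd_argvs() or [["ttyd"]]:  # no live process: judge by version alone
        print(assess(text, argv), " ".join(argv))
```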

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized connection attempts to ttyd port
  • Unusual process execution from ttyd sessions
  • Failed authentication attempts if authentication enabled

Network Indicators:

  • Unexpected connections to ttyd default port (typically 8080)
  • Suspicious network traffic patterns from ttyd instances

SIEM Query:

source="ttyd.log" AND (event="unauthorized_access" OR event="execution_failure")

🔗 References
