CVE-2021-41408

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to execute arbitrary SQL commands through the VoIPmonitor WEB GUI's api.php file via the 'user' parameter. It affects VoIPmonitor WEB GUI installations up to version 24.61. Attackers can potentially access, modify, or delete database content.

💻 Affected Systems

Products:
  • VoIPmonitor WEB GUI
Versions: Up to and including version 24.61
Operating Systems: All platforms running VoIPmonitor
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web interface component of VoIPmonitor monitoring systems.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the VoIPmonitor system, including unauthorized access to call data, credentials, and potential lateral movement to other systems.

🟠 Likely Case

Data exfiltration, privilege escalation, and unauthorized access to sensitive VoIP call records and system information.

🟢 If Mitigated

Limited impact with proper input validation, WAF protection, and network segmentation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are commonly exploited and public proof-of-concept details are available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 24.61

Vendor Advisory: https://www.voipmonitor.org/changelog-gui?major=5

Restart Required: Yes

Instructions:

1. Back up the current configuration and data.
2. Download and install a VoIPmonitor version newer than 24.61 from the official vendor site.
3. Restart VoIPmonitor services.
4. Verify the update was successful.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Deploy a WAF with SQL injection protection rules to filter malicious requests.

Network Access Control

linux

Restrict access to the VoIPmonitor web interface to trusted IP addresses only.

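# Allow HTTPS to the web GUI only from the trusted address (replace TRUSTED_IP).
iptables -A INPUT -p tcp --dport 443 -s TRUSTED_IP -j ACCEPT
# Drop all other HTTPS traffic. -A appends, so the ACCEPT rule above must be added first.
iptables -A INPUT -p tcp --dport 443 -j DROP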

🧯 If You Can't Patch

  • Isolate the VoIPmonitor system on a separate network segment with strict firewall rules.
  • Implement strong authentication and monitor for unusual database queries or API calls.

🔍 How to Verify

Check if Vulnerable:

Check the VoIPmonitor version via the web interface or configuration files. If version is 24.61 or earlier, the system is vulnerable.

Check Version:

grep 'version' /usr/local/voipmonitor/voipmonitor.conf

Alternatively, check the web interface footer.

Verify Fix Applied:

After updating, verify the version is newer than 24.61 and test the api.php endpoint with SQL injection payloads to confirm they are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts via api.php
  • Requests to api.php with SQL syntax in parameters

Network Indicators:

  • HTTP requests to /api.php containing SQL keywords (SELECT, UNION, etc.) in parameters
  • Unusual outbound database connections

SIEM Query:

source="voipmonitor" AND (url="*api.php*" AND (param="*SELECT*" OR param="*UNION*" OR param="*OR 1=1*"))
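
A literal wildcard match like the query above can miss values that arrive percent-encoded in the request line. The following is an added example, not code from VoIPmonitor or from this advisory: it decodes api.php query parameters from web access logs before matching the same keywords. The combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Request line inside an Apache/nginx "combined" access-log entry (assumed format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Keywords taken from the indicators listed above (SELECT, UNION, OR 1=1).
SQL_RE = re.compile(r"\b(?:select|union)\b|\bor\s+1\s*=\s*1\b", re.IGNORECASE)


def suspicious_params(target):
    """Return names of api.php query parameters whose decoded value has SQL syntax."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("api.php"):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        if SQL_RE.search(unquote_plus(value)):
            hits.append(name)
    return hits


def scan(lines):
    """Yield (client_ip, status, parameter_names) for each flagged log line."""
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        names = suspicious_params(m.group("target"))
        if names:
            yield m.group("ip"), int(m.group("status")), names


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /api.php?user=alice HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /api.php?user=a%20uNiOn%20sElEcT%201 HTTP/1.1" 200 498',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /api.php?user=a%2520OR%25201%253D1 HTTP/1.1" 200 498',
    '203.0.113.4 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?q=select+plan HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, status, names in scan(SAMPLE_LOG):
        print(f"{ip} status={status} suspicious parameters: {', '.join(names)}")
```

Access logs normally record only the query string, so parameters sent in a POST body need WAF or application-level logging to be visible. Keyword matching also flags benign values that happen to contain these words, so treat hits as leads for review.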
