CVE-2021-47772 – CVE-2021-47772 is a critical buffer overflow vu... (How to Fix)

Q: What is the severity of CVE-2021-47772?

CVE-2021-47772 has a CVSS score of 9.8 (CRITICAL). CVE-2021-47772 is a critical buffer overflow vulnerability in 10-Strike Network Inventory Explorer Pro that allows remote code execution via malicious text files. Attackers can exploit this to gain complete control of affected systems. Organizations using this software for network inventory management are at risk.

📋 TL;DR

CVE-2021-47772 is a critical buffer overflow vulnerability in 10-Strike Network Inventory Explorer Pro that allows remote code execution via malicious text files. Attackers can exploit this to gain complete control of affected systems. Organizations using this software for network inventory management are at risk.

💻 Affected Systems

Products:

10-Strike Network Inventory Explorer Pro

Versions: 9.31 and likely earlier versions

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in text file import functionality which is a core feature of the software.

📦 What is this software?

Network Inventory Explorer by 10 Strike

View all CVEs affecting Network Inventory Explorer →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker establishing persistent access, stealing sensitive network inventory data, and moving laterally across the network.

🟠

Likely Case

Initial foothold leading to data exfiltration, installation of malware, or use as pivot point for further attacks.

🟢

If Mitigated

Limited impact if proper network segmentation, least privilege, and file upload restrictions are implemented.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit code is publicly available on Exploit-DB showing reverse shell capability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.32 or later

Vendor Advisory: https://www.10-strike.com/

Restart Required: Yes

Instructions:

1. Download latest version from vendor website. 2. Uninstall current version. 3. Install updated version. 4. Restart system.

🔧 Temporary Workarounds

Disable text file import

windows

Remove or restrict access to text file import functionality

Application whitelisting

windows

Block execution of 10-Strike Network Inventory Explorer Pro

🧯 If You Can't Patch

Network segmentation to isolate systems running vulnerable software
Implement strict file upload controls and monitor for suspicious text file imports

🔍 How to Verify

Check if Vulnerable:

Check software version in Help > About menu. If version is 9.31 or earlier, system is vulnerable.

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Verify version is 9.32 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

Unusual process creation from 10-Strike executable
Suspicious text file import activity
Reverse shell connections

Network Indicators:

Outbound connections from 10-Strike process to unknown IPs
Unexpected command and control traffic

SIEM Query:

Process creation where parent_process contains '10-Strike' AND process_name contains 'cmd.exe' OR 'powershell.exe'

📊 Metadata

CVE ID: CVE-2021-47772

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

EPSS Score: 0.25% exploit probability (48.4th percentile)

Published: January 15, 2026

Last Updated: January 23, 2026

🔗 References

https://www.10-strike.com/ Product
https://www.exploit-db.com/exploits/50472 Exploit,Third Party Advisory
https://www.exploit-db.com/exploits/50472 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47772, you might also want to check these: