PatchSiren

PatchSiren cyber security CVE debrief

CVE-2021-4105 BG-TEK CVE debrief

CVE-2021-4105 is a critical vulnerability (CVSS 9.8) in BG-TEK COSLAT Firewall products that allows remote code inclusion through improper handling of parameters. The vulnerability affects multiple COSLAT Firewall hardware models running firmware versions from 5.24.0.R.20180630 through 5.24.0.R.20210727. The issue was publicly disclosed on 2023-02-24, though the vendor released a critical security update on 2021-07-27 that addresses this vulnerability. Turkish government cybersecurity authorities (USOM and siberguvenlik.gov.tr) have issued advisories regarding this issue. Organizations running affected COSLAT Firewall firmware versions should upgrade to version 5.24.0.R.20210727 or later.

Vendor: BG-TEK
Product: COSLAT Firewall
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2023-02-24
Original CVE updated: 2026-05-18
Advisory published: 2023-02-24
Advisory updated: 2026-05-18

Who should care

Organizations deploying BG-TEK COSLAT Firewall appliances for network perimeter security, particularly in Turkey and regions where these appliances are commonly deployed. Security teams responsible for firewall infrastructure, network administrators managing COSLAT devices, and compliance officers tracking critical vulnerability remediation timelines.

Technical summary

The vulnerability stems from improper handling of parameters (CWE-755) in the COSLAT Firewall firmware, enabling remote attackers to include and execute arbitrary code without authentication. The attack vector is network-based with low complexity, requiring no privileges or user interaction. Affected firmware versions span from June 2018 (5.24.0.R.20180630) to July 2021 (5.24.0.R.20210727). The vendor released a critical security update on July 27, 2021. Multiple hardware platforms are affected including BX5S1D3, BX5S1D4, BX5S1D5, RM1DS1000, RM2DS2000, RM2S200, RM3S300, and RM4S500 models.

Defensive priority

critical

Recommended defensive actions

  • Upgrade COSLAT Firewall firmware to version 5.24.0.R.20210727 or later to remediate the remote code inclusion vulnerability.
  • Verify firmware version on all BG-TEK COSLAT Firewall appliances including models BX5S1D3, BX5S1D4, BX5S1D5, RM1DS1000, RM2DS2000, RM2S200, RM3S300, and RM4S500.
  • If immediate patching is not possible, restrict administrative access to the firewall management interface to trusted internal networks only.
  • Monitor firewall logs for anomalous parameter handling or unexpected code execution attempts.
  • Review vendor security advisories from BG-TEK for additional hardening recommendations.
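
For the firmware verification step above, one way to triage an appliance inventory against the versions and models quoted in this debrief. This is an added example, not BG-TEK or PatchSiren code. It assumes the inventory is a CSV export with host, model and firmware columns, that the trailing version field is a YYYYMMDD build date, and that the build named in the upgrade recommendation carries the fix; anything the advisory does not cover is marked for manual review.

```python
import csv
import io
import re
from datetime import datetime

# Versions and models below are the ones quoted in the advisory text.
BRANCH = "5.24.0"
FIRST_AFFECTED = 20180630
FIRST_FIXED = 20210727  # assumption: the build named in the upgrade advice carries the fix
LISTED_MODELS = {"BX5S1D3", "BX5S1D4", "BX5S1D5", "RM1DS1000",
                 "RM2DS2000", "RM2S200", "RM3S300", "RM4S500"}
VERSION_RE = re.compile(r"^(\d+\.\d+\.\d+)\.R\.(\d{8})$")

def parse_version(text):
    """Return (branch, build) or None if the string is not <x.y.z>.R.<YYYYMMDD>."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    try:
        datetime.strptime(m.group(2), "%Y%m%d")  # reject impossible build dates
    except ValueError:
        return None
    return m.group(1), int(m.group(2))

def classify(model, firmware):
    """affected / fixed / review (anything the advisory does not cover)."""
    parsed = parse_version(firmware)
    if parsed is None or parsed[0] != BRANCH:
        return "review"
    build = parsed[1]
    if build >= FIRST_FIXED:
        return "fixed"
    if build < FIRST_AFFECTED or model.strip().upper() not in LISTED_MODELS:
        return "review"
    return "affected"

def triage(inventory_csv):
    """Map each host in a host,model,firmware CSV to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["model"], r["firmware"]) for r in rows}

# Constructed sample inventory; hosts and the non-advisory versions are made up.
SAMPLE = """host,model,firmware
fw-edge-01,RM2S200,5.24.0.R.20190412
fw-edge-02,BX5S1D4,5.24.0.R.20210727
fw-branch-03,RM4S500,5.24.0.R.20180115
fw-lab-04,rm3s300,5.24.0-R-2020
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "review" have a firmware string that does not parse, a build older than the stated range, or a model outside the listed set, so they need a manual check rather than being treated as safe.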

Evidence notes

Vendor advisory published 2021-07-27; CVE published 2023-02-24; Turkish national CERT advisories issued.
