• Language chooser
    • USA (English)
    • France (Français)
    • Italy (Italiano)
    • Latin America (Español)
    • Brazil (Portugués)
    • Germany (Deutsch)
    • Korea (한국어)
    • Japan (Beta) (日本語)

Sunhillo SureLine Command Injection Attack

Released: Apr 09, 2024

Updated: Apr 10, 2024

High Severity


Surveillance application actively targeted

The attack on Sunhillo SureLine identified as CVE-2021-36380 allows a malicious actor to exploit an unauthenticated OS Command Injection vulnerability. Once established, the attacker can gain command over the targeted system and potentially achieving full system compromise. Learn More »

Common Vulnerabilities and Exposures



The Sunhillo products handles the surveillance data distribution systems for the Federal Aviation Administration, US Military, civil aviation authorities, and national defense organizations.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.

The vulnerability exists in the Sureline software due to improper input validation in the "ipAddr" and "dnsAddr" parameters. That allows an attacker to manipulate the resulting command by injecting valid OS command input allowing the establishment of an interactive remote shell session.

Since October 2023, the FortiGuard has protection coverage against the vulnerability. Exploitation attempts has been intercepting attack attempts averaging at a thousand per day. Also, the Mirai malware are used as a payload for further infiltration. It is recommended to apply a firmware patch as recommended by the vendor to fully mitigate any risks.

Apr 10, 2024: A video walkthrough has been added to the Outbreak Alert.

Apr 9, 2024: FortiGuard published an Outbreak Alert for the Sunhillo SureLine Command Injection Attack.

Mar 5, 2024: CISA has added CVE-2021-36380 to the Known Exploited Vulnerabilities catalog.

Oct 30, 2023: Fortinet published an IPS signatures to protect its customers from attack attempt.

Oct 09, 2023: FortiGuard Labs team observed that the IZ1H9 Mirai-based DDoS campaign targeted Sunhillo SureLine and released a detailed analysis.

July 22, 2021: Sunhillo published the security bulletin and a patch notice. https://www.sunhillo.com/fb011/

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.

  • AV

  • AV (Pre-filter)

  • IPS

  • Web App Security

  • Outbreak Detection

  • Threat Hunting

  • Playbook

  • Assisted Response Services

  • Threat Hunting

  • NOC/SOC Training

  • End-User Training

  • Attack Surface Hardening

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

Loading ...

Indicators of compromise Indicators of compromise
IOC Indicator List
Indicator Type Status ip Active ip Active ip Active ip Active ip Active ip Active
0aa9836174f231074d4d55c819f6f1570a24bc3ed4d9dd5... file Active
34628bcfc40218095c65678b52ce13cea4904ce966d0fd4... file Active
737ba9e84b5166134d491193be3305afa273733c35c0281... file Active
7b9dce89619c16ac7d2e128749ad92444fe33654792a8b9... file Active
8d07f15dd7d055b16d50cb271995b768fdd3ca6be121f6a... file Active
afc176f7b692a5ff93c7c66eee4941acf1b886ee9f4c070... file Active
b523ea86ebfd666153078593476ca9bd069d6f37fa7846a... file Active
b5daf57827ced323a39261a7e19f5551071b5095f0973f1... file Active
df9ee47c783fbe8c3301ed519033fc92b05d7fd272d35c6... file Active
1e15d7cd0b4682a86620b3046548bdf3f39c969324a8575... file Active
c8cf29e56760c50fa815a0c1c14c17641f01b9c6a4aed3e... file Active url Active url Active url Active url Active url Active url Active url Active url Active url Active url Active url Active url Active url Active url Active url Active
Indicators of compromise Indicators of compromise
IOC Threat Activity

Last 30 days


Avg 0


Sources of information in support and relation to this Outbreak and vendor.