Vulnerability-Lookup - Search a vulnerability

cve-2021-20657

Vulnerability from cvelistv5

Published

2021-02-24 03:51

Modified

2024-08-03 17:45

Severity ?

Summary

Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors.

References

▼	URL	Tags
	https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf	x_refsource_MISC
	https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf	x_refsource_MISC
	https://jvn.jp/en/jp/JVN37417423/index.html	x_refsource_MISC

Impacted products

▼	Vendor	Product
	Contec Co., Ltd.	SolarView Compact

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:45.172Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SolarView Compact",
          "vendor": "Contec Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "SV-CPT-MC310 prior to Ver.6.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-24T03:51:44",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20657",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SolarView Compact",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SV-CPT-MC310 prior to Ver.6.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Contec Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
              "refsource": "MISC",
              "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
            },
            {
              "name": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
              "refsource": "MISC",
              "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN37417423/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20657",
    "datePublished": "2021-02-24T03:51:44",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:45.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20662

Vulnerability from cvelistv5

Published

2021-02-24 03:51

Modified

2024-08-03 17:45

Severity ?

Summary

Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors.

References

▼	URL	Tags
	https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf	x_refsource_MISC
	https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf	x_refsource_MISC
	https://jvn.jp/en/jp/JVN37417423/index.html	x_refsource_MISC

Impacted products

▼	Vendor	Product
	Contec Co., Ltd.	SolarView Compact

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:45.501Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SolarView Compact",
          "vendor": "Contec Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "SV-CPT-MC310 prior to Ver.6.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Missing authentication for critical function",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-24T03:51:48",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20662",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SolarView Compact",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SV-CPT-MC310 prior to Ver.6.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Contec Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Missing authentication for critical function"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
              "refsource": "MISC",
              "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
            },
            {
              "name": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
              "refsource": "MISC",
              "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN37417423/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20662",
    "datePublished": "2021-02-24T03:51:48",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:45.501Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-27518

Vulnerability from cvelistv5

Published

2023-05-23 00:00

Modified

2024-08-02 12:16

Severity ?

Summary

Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code.

References

▼	URL	Tags
	https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware
	https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf
	https://jvn.jp/en/vu/JVNVU92106300/

Impacted products

▼	Vendor	Product
	Contec Co., Ltd.	SolarView Compact

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:16:35.412Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU92106300/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SolarView Compact",
          "vendor": "Contec Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-23T00:00:00",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware"
        },
        {
          "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU92106300/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-27518",
    "datePublished": "2023-05-23T00:00:00",
    "dateReserved": "2023-03-15T00:00:00",
    "dateUpdated": "2024-08-02T12:16:35.412Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20658

Vulnerability from cvelistv5

Published

2021-02-24 03:51

Modified

2024-08-03 17:45

Severity ?

Summary

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.

References

▼	URL	Tags
	https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf	x_refsource_MISC
	https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf	x_refsource_MISC
	https://jvn.jp/en/jp/JVN37417423/index.html	x_refsource_MISC

Impacted products

▼	Vendor	Product
	Contec Co., Ltd.	SolarView Compact

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:45.391Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SolarView Compact",
          "vendor": "Contec Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "SV-CPT-MC310 prior to Ver.6.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "OS Command Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-24T03:51:45",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20658",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SolarView Compact",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SV-CPT-MC310 prior to Ver.6.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Contec Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
              "refsource": "MISC",
              "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
            },
            {
              "name": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
              "refsource": "MISC",
              "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN37417423/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20658",
    "datePublished": "2021-02-24T03:51:45",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:45.391Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20661

Vulnerability from cvelistv5

Published

2021-02-24 03:51

Modified

2024-08-03 17:45

Severity ?

Summary

Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.

References

▼	URL	Tags
	https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf	x_refsource_MISC
	https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf	x_refsource_MISC
	https://jvn.jp/en/jp/JVN37417423/index.html	x_refsource_MISC

Impacted products

▼	Vendor	Product
	Contec Co., Ltd.	SolarView Compact

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:45.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SolarView Compact",
          "vendor": "Contec Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "SV-CPT-MC310 prior to Ver.6.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-24T03:51:47",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20661",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SolarView Compact",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SV-CPT-MC310 prior to Ver.6.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Contec Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
              "refsource": "MISC",
              "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
            },
            {
              "name": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
              "refsource": "MISC",
              "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN37417423/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20661",
    "datePublished": "2021-02-24T03:51:47",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:45.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20660

Vulnerability from cvelistv5

Published

2021-02-24 03:51

Modified

2024-08-03 17:45

Severity ?

Summary

Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors.

References

▼	URL	Tags
	https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf	x_refsource_MISC
	https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf	x_refsource_MISC
	https://jvn.jp/en/jp/JVN37417423/index.html	x_refsource_MISC

Impacted products

▼	Vendor	Product
	Contec Co., Ltd.	SolarView Compact

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:45.358Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SolarView Compact",
          "vendor": "Contec Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "SV-CPT-MC310 prior to Ver.6.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-24T03:51:46",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20660",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SolarView Compact",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SV-CPT-MC310 prior to Ver.6.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Contec Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
              "refsource": "MISC",
              "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
            },
            {
              "name": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
              "refsource": "MISC",
              "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN37417423/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20660",
    "datePublished": "2021-02-24T03:51:46",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:45.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-35239

Vulnerability from cvelistv5

Published

2022-08-16 07:01

Modified

2024-08-03 09:29

Severity ?

Summary

The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file.

References

▼	URL	Tags
	https://www.contec.com/jp/api/downloadlogger?download=/jp/-/media/Contec/jp/support/security-info/contec_security_solarview_220727.pdf	x_refsource_MISC
	https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware	x_refsource_MISC
	https://jvn.jp/en/vu/JVNVU93696585/	x_refsource_MISC

Impacted products

▼	Vendor	Product
	CONTEC CO., LTD.	SolarView Compact

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:29:17.446Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/api/downloadlogger?download=/jp/-/media/Contec/jp/support/security-info/contec_security_solarview_220727.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU93696585/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SolarView Compact",
          "vendor": "CONTEC CO., LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-16T07:01:46",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.contec.com/jp/api/downloadlogger?download=/jp/-/media/Contec/jp/support/security-info/contec_security_solarview_220727.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/vu/JVNVU93696585/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-35239",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SolarView Compact",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "CONTEC CO., LTD."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.contec.com/jp/api/downloadlogger?download=/jp/-/media/Contec/jp/support/security-info/contec_security_solarview_220727.pdf",
              "refsource": "MISC",
              "url": "https://www.contec.com/jp/api/downloadlogger?download=/jp/-/media/Contec/jp/support/security-info/contec_security_solarview_220727.pdf"
            },
            {
              "name": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware",
              "refsource": "MISC",
              "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware"
            },
            {
              "name": "https://jvn.jp/en/vu/JVNVU93696585/",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/vu/JVNVU93696585/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-35239",
    "datePublished": "2022-08-16T07:01:46",
    "dateReserved": "2022-07-21T00:00:00",
    "dateUpdated": "2024-08-03T09:29:17.446Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-27512

Vulnerability from cvelistv5

Published

2023-05-23 00:00

Modified

2024-08-02 12:16

Severity ?

Summary

Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation.

References

▼	URL	Tags
	https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware
	https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf
	https://jvn.jp/en/vu/JVNVU92106300/

Impacted products

▼	Vendor	Product
	Contec Co., Ltd.	SolarView Compact

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:16:36.515Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU92106300/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SolarView Compact",
          "vendor": "Contec Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use of hard-coded credentials",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-23T00:00:00",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware"
        },
        {
          "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU92106300/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-27512",
    "datePublished": "2023-05-23T00:00:00",
    "dateReserved": "2023-03-15T00:00:00",
    "dateUpdated": "2024-08-02T12:16:36.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20656

Vulnerability from cvelistv5

Published

2021-02-24 03:51

Modified

2024-08-03 17:45

Severity ?

Summary

Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors.

References

▼	URL	Tags
	https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf	x_refsource_MISC
	https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf	x_refsource_MISC
	https://jvn.jp/en/jp/JVN37417423/index.html	x_refsource_MISC

Impacted products

▼	Vendor	Product
	Contec Co., Ltd.	SolarView Compact

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:45.117Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SolarView Compact",
          "vendor": "Contec Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "SV-CPT-MC310 prior to Ver.6.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Exposure of information through directory listing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-24T03:51:44",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20656",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SolarView Compact",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SV-CPT-MC310 prior to Ver.6.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Contec Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Exposure of information through directory listing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
              "refsource": "MISC",
              "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
            },
            {
              "name": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
              "refsource": "MISC",
              "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN37417423/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20656",
    "datePublished": "2021-02-24T03:51:44",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:45.117Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-27514

Vulnerability from cvelistv5

Published

2023-05-23 00:00

Modified

2024-08-02 12:16

Severity ?

Summary

OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command.

References

▼	URL	Tags
	https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware
	https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf
	https://jvn.jp/en/vu/JVNVU92106300/

Impacted products

▼	Vendor	Product
	Contec Co., Ltd.	SolarView Compact

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:16:35.353Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU92106300/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SolarView Compact",
          "vendor": "Contec Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "OS Command Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-23T00:00:00",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware"
        },
        {
          "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU92106300/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-27514",
    "datePublished": "2023-05-23T00:00:00",
    "dateReserved": "2023-03-15T00:00:00",
    "dateUpdated": "2024-08-02T12:16:35.353Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-27521

Vulnerability from cvelistv5

Published

2023-05-23 00:00

Modified

2024-08-02 12:16

Severity ?

Summary

OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command.

References

▼	URL	Tags
	https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware
	https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf
	https://jvn.jp/en/vu/JVNVU92106300/

Impacted products

▼	Vendor	Product
	Contec Co., Ltd.	SolarView Compact

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:16:35.735Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU92106300/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SolarView Compact",
          "vendor": "Contec Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "OS Command Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-23T00:00:00",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware"
        },
        {
          "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU92106300/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-27521",
    "datePublished": "2023-05-23T00:00:00",
    "dateReserved": "2023-03-15T00:00:00",
    "dateUpdated": "2024-08-02T12:16:35.735Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-27920

Vulnerability from cvelistv5

Published

2023-05-23 00:00

Modified

2024-08-02 12:23

Severity ?

Summary

Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product.

References

▼	URL	Tags
	https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware
	https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf
	https://jvn.jp/en/vu/JVNVU92106300/

Impacted products

▼	Vendor	Product
	Contec Co., Ltd.	SolarView Compact

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:23:30.630Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU92106300/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SolarView Compact",
          "vendor": "Contec Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper access control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-23T00:00:00",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware"
        },
        {
          "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU92106300/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-27920",
    "datePublished": "2023-05-23T00:00:00",
    "dateReserved": "2023-03-15T00:00:00",
    "dateUpdated": "2024-08-02T12:23:30.630Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20659

Vulnerability from cvelistv5

Published

2021-02-24 03:51

Modified

2024-08-03 17:45

Severity ?

Summary

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.

References

▼	URL	Tags
	https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf	x_refsource_MISC
	https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf	x_refsource_MISC
	https://jvn.jp/en/jp/JVN37417423/index.html	x_refsource_MISC

Impacted products

▼	Vendor	Product
	Contec Co., Ltd.	SolarView Compact

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:45.371Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SolarView Compact",
          "vendor": "Contec Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "SV-CPT-MC310 prior to Ver.6.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unrestricted upload of file with dangerous type",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-24T03:51:46",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20659",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SolarView Compact",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SV-CPT-MC310 prior to Ver.6.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Contec Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unrestricted upload of file with dangerous type"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
              "refsource": "MISC",
              "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
            },
            {
              "name": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
              "refsource": "MISC",
              "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN37417423/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20659",
    "datePublished": "2021-02-24T03:51:46",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:45.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

All the vulnerabilites related to Contec Co., Ltd. - SolarView Compact

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5