Vulnerabilites related to ntt-west - biz_box_rtx1210_firmware
CVE-2021-20844 (GCVE-0-2021-20844)
Vulnerability from cvelistv5
Published
2021-11-24 08:25
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html | x_refsource_MISC | |
| https://business.ntt-east.co.jp/topics/2021/11_09.html | x_refsource_MISC | |
| http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU91161784/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yamaha Corporation | RTX830, NVR510, NVR700W, RTX1210 |
Version: RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.863Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://business.ntt-east.co.jp/topics/2021/11_09.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/vu/JVNVU91161784/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "RTX830, NVR510, NVR700W, RTX1210", vendor: "Yamaha Corporation", versions: [ { status: "affected", version: "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier", }, ], }, ], descriptions: [ { lang: "en", value: "Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Neutralization of HTTP Headers for Scripting Syntax", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-24T08:25:45", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html", }, { tags: [ "x_refsource_MISC", ], url: "https://business.ntt-east.co.jp/topics/2021/11_09.html", }, { tags: [ "x_refsource_MISC", ], url: "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/vu/JVNVU91161784/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20844", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "RTX830, NVR510, NVR700W, RTX1210", version: { version_data: [ { version_value: "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier", }, ], }, }, ], }, vendor_name: "Yamaha Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Neutralization of HTTP Headers for Scripting Syntax", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html", refsource: "MISC", url: "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html", }, { name: "https://business.ntt-east.co.jp/topics/2021/11_09.html", refsource: "MISC", url: "https://business.ntt-east.co.jp/topics/2021/11_09.html", }, { name: "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html", refsource: "MISC", url: "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html", }, { name: "https://jvn.jp/en/vu/JVNVU91161784/index.html", refsource: "MISC", url: "https://jvn.jp/en/vu/JVNVU91161784/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20844", datePublished: "2021-11-24T08:25:45", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.863Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-20843 (GCVE-0-2021-20843)
Vulnerability from cvelistv5
Published
2021-11-24 08:25
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html | x_refsource_MISC | |
| https://business.ntt-east.co.jp/topics/2021/11_09.html | x_refsource_MISC | |
| http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html | x_refsource_MISC | |
| https://jvn.jp/en/vu/JVNVU91161784/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yamaha Corporation | RTX830, NVR510, NVR700W, RTX1210 |
Version: RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.719Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://business.ntt-east.co.jp/topics/2021/11_09.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/vu/JVNVU91161784/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "RTX830, NVR510, NVR700W, RTX1210", vendor: "Yamaha Corporation", versions: [ { status: "affected", version: "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.", }, ], problemTypes: [ { descriptions: [ { description: "Inclusion of Functionality from Untrusted Control Sphere", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-24T08:25:44", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html", }, { tags: [ "x_refsource_MISC", ], url: "https://business.ntt-east.co.jp/topics/2021/11_09.html", }, { tags: [ "x_refsource_MISC", ], url: "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/vu/JVNVU91161784/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20843", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "RTX830, NVR510, NVR700W, RTX1210", version: { version_data: [ { version_value: "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier", }, ], }, }, ], }, vendor_name: "Yamaha Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Inclusion of Functionality from Untrusted Control Sphere", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html", refsource: "MISC", url: "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html", }, { name: "https://business.ntt-east.co.jp/topics/2021/11_09.html", refsource: "MISC", url: "https://business.ntt-east.co.jp/topics/2021/11_09.html", }, { name: "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html", refsource: "MISC", url: "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html", }, { name: "https://jvn.jp/en/vu/JVNVU91161784/index.html", refsource: "MISC", url: "https://jvn.jp/en/vu/JVNVU91161784/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20843", datePublished: "2021-11-24T08:25:44", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.719Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2021-11-24 16:15
Modified
2024-11-21 05:47
Severity ?
Summary
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html | Mitigation, Vendor Advisory | |
| vultures@jpcert.or.jp | https://business.ntt-east.co.jp/topics/2021/11_09.html | Mitigation, Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/vu/JVNVU91161784/index.html | Mitigation, Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://business.ntt-east.co.jp/topics/2021/11_09.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/vu/JVNVU91161784/index.html | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html | Mitigation, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:yamaha:rtx830_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA148A58-912E-448A-97B4-056F2EFE30B0", versionEndIncluding: "15.02.17", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:yamaha:rtx830:-:*:*:*:*:*:*:*", matchCriteriaId: "C585EA2A-C2E0-406E-A785-668C2D8C5D64", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:yamaha:nvr510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DF01C565-EF7D-46C9-9B5C-C6F97F059DA6", versionEndIncluding: "15.01.18", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:yamaha:nvr510:-:*:*:*:*:*:*:*", matchCriteriaId: "1F29115C-CBD1-4648-A7BB-616DB70231FD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:yamaha:nvr700w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6679812C-0DC7-408E-8387-35BC4948063D", versionEndIncluding: "15.00.19", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:yamaha:nvr700w:-:*:*:*:*:*:*:*", matchCriteriaId: "DF384051-AFEF-4CCD-BC7A-866EC2B87FFA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:yamaha:rtx1210_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "742F40F8-41DC-4E31-8C98-A46015A984B6", versionEndIncluding: "14.01.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:yamaha:rtx1210:-:*:*:*:*:*:*:*", matchCriteriaId: "38ABD757-E916-4DD3-B491-E37EEDEB601C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ntt-west:biz_box_rtx830_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F5CADF05-D820-4923-90E8-C7A96DFCBA54", versionEndIncluding: "15.02.17", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ntt-west:biz_box_rtx830:-:*:*:*:*:*:*:*", matchCriteriaId: "4CFEFB4A-C552-4649-B59F-6FB10A79DA84", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ntt-west:biz_box_nvr510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "23D4489C-5BAB-42DF-B5EA-7833527F4A24", versionEndExcluding: "15.01.18", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ntt-west:biz_box_nvr510:-:*:*:*:*:*:*:*", matchCriteriaId: "D8659F51-B97F-49BB-9D78-AB9D4DFB9FB2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ntt-west:biz_box_nvr700w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "221F5AFD-8DE5-44D0-8532-AE5895369759", versionEndIncluding: "15.00.19", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ntt-west:biz_box_nvr700w:-:*:*:*:*:*:*:*", matchCriteriaId: "399DC40A-66AE-4B23-83BD-E7CBDD093415", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ntt-west:biz_box_rtx1210_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "60517A56-D41C-4931-BBA7-A1AA6058CCC1", versionEndIncluding: "14.01.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ntt-west:biz_box_rtx1210:-:*:*:*:*:*:*:*", matchCriteriaId: "DC9E8F0E-8006-4474-9700-3DCAC5A40278", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.", }, { lang: "es", value: "Una neutralización inapropiada de los encabezados de peticiones HTTP para la sintaxis de scripts en la interfaz gráfica de usuario de la web de RTX830 Rev.15.02.17 y anteriores, NVR510 Rev.15.01.18 y anteriores, NVR700W Rev.15.00.19 y anteriores, y RTX1210 Rev.14.01.38 y anteriores permite a un atacante remoto autenticado obtener información confidencial por medio de una página web especialmente diseñada", }, ], id: "CVE-2021-20844", lastModified: "2024-11-21T05:47:16.087", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-24T16:15:13.280", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Mitigation", "Vendor Advisory", ], url: "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://business.ntt-east.co.jp/topics/2021/11_09.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://jvn.jp/en/vu/JVNVU91161784/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://business.ntt-east.co.jp/topics/2021/11_09.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://jvn.jp/en/vu/JVNVU91161784/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-116", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-24 16:15
Modified
2024-11-21 05:47
Severity ?
Summary
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html | Mitigation, Vendor Advisory | |
| vultures@jpcert.or.jp | https://business.ntt-east.co.jp/topics/2021/11_09.html | Mitigation, Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/vu/JVNVU91161784/index.html | Mitigation, Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://business.ntt-east.co.jp/topics/2021/11_09.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/vu/JVNVU91161784/index.html | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html | Mitigation, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:yamaha:rtx830_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA148A58-912E-448A-97B4-056F2EFE30B0", versionEndIncluding: "15.02.17", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:yamaha:rtx830:-:*:*:*:*:*:*:*", matchCriteriaId: "C585EA2A-C2E0-406E-A785-668C2D8C5D64", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:yamaha:nvr510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DF01C565-EF7D-46C9-9B5C-C6F97F059DA6", versionEndIncluding: "15.01.18", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:yamaha:nvr510:-:*:*:*:*:*:*:*", matchCriteriaId: "1F29115C-CBD1-4648-A7BB-616DB70231FD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:yamaha:nvr700w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6679812C-0DC7-408E-8387-35BC4948063D", versionEndIncluding: "15.00.19", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:yamaha:nvr700w:-:*:*:*:*:*:*:*", matchCriteriaId: "DF384051-AFEF-4CCD-BC7A-866EC2B87FFA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:yamaha:rtx1210_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "742F40F8-41DC-4E31-8C98-A46015A984B6", versionEndIncluding: "14.01.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:yamaha:rtx1210:-:*:*:*:*:*:*:*", matchCriteriaId: "38ABD757-E916-4DD3-B491-E37EEDEB601C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ntt-west:biz_box_rtx830_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F5CADF05-D820-4923-90E8-C7A96DFCBA54", versionEndIncluding: "15.02.17", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ntt-west:biz_box_rtx830:-:*:*:*:*:*:*:*", matchCriteriaId: "4CFEFB4A-C552-4649-B59F-6FB10A79DA84", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ntt-west:biz_box_nvr510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "23D4489C-5BAB-42DF-B5EA-7833527F4A24", versionEndExcluding: "15.01.18", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ntt-west:biz_box_nvr510:-:*:*:*:*:*:*:*", matchCriteriaId: "D8659F51-B97F-49BB-9D78-AB9D4DFB9FB2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ntt-west:biz_box_nvr700w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "221F5AFD-8DE5-44D0-8532-AE5895369759", versionEndIncluding: "15.00.19", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ntt-west:biz_box_nvr700w:-:*:*:*:*:*:*:*", matchCriteriaId: "399DC40A-66AE-4B23-83BD-E7CBDD093415", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ntt-west:biz_box_rtx1210_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "60517A56-D41C-4931-BBA7-A1AA6058CCC1", versionEndIncluding: "14.01.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ntt-west:biz_box_rtx1210:-:*:*:*:*:*:*:*", matchCriteriaId: "DC9E8F0E-8006-4474-9700-3DCAC5A40278", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.", }, { lang: "es", value: "Una vulnerabilidad de inclusión de scripts en la interfaz gráfica de usuario de RTX830 Rev.15.02.17 y anteriores, NVR510 Rev.15.01.18 y anteriores, NVR700W Rev.15.00.19 y anteriores, y RTX1210 Rev.14.01.38 y anteriores, permite a un atacante remoto autenticado alterar la configuración del producto por medio de una página web especialmente diseñada", }, ], id: "CVE-2021-20843", lastModified: "2024-11-21T05:47:15.970", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-24T16:15:13.230", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Mitigation", "Vendor Advisory", ], url: "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://business.ntt-east.co.jp/topics/2021/11_09.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://jvn.jp/en/vu/JVNVU91161784/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://business.ntt-east.co.jp/topics/2021/11_09.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://jvn.jp/en/vu/JVNVU91161784/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-829", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }