cvelistv5 - CVE-2021-20642

CVE-2021-20642

Vulnerability from cvelistv5

Published

2021-02-12 06:15

Modified

2024-08-03 17:45

Severity

Summary

Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.

References

Source	URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN96783542/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.elecom.co.jp/news/security/20210126-01/	Vendor Advisory

Impacted products

Vendor	Product
LOGITEC CORPORATION	LAN-W300N/RS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:45.349Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.elecom.co.jp/news/security/20210126-01/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN96783542/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LAN-W300N/RS",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "LAN-W300N/RS"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper check or handling of exceptional conditions",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-12T06:15:45",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.elecom.co.jp/news/security/20210126-01/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN96783542/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20642",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "LAN-W300N/RS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "LAN-W300N/RS"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "LOGITEC CORPORATION"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper check or handling of exceptional conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.elecom.co.jp/news/security/20210126-01/",
              "refsource": "MISC",
              "url": "https://www.elecom.co.jp/news/security/20210126-01/"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN96783542/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN96783542/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20642",
    "datePublished": "2021-02-12T06:15:45",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:45.349Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-20642\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2021-02-12T07:15:14.937\",\"lastModified\":\"2022-05-03T16:04:40.443\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.\"},{\"lang\":\"es\",\"value\":\"Una comprobaci\u00f3n inapropiada o el manejo de condiciones excepcionales en LOGITEC LAN-W300N/RS, permite a un atacante remoto causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) al enviar una URL especialmente dise\u00f1ada\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:logitech:lan-w300n\\\\/rs_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58C9E26A-BDBC-44AD-AC82-A75B6D01868A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:logitech:lan-w300n\\\\/rs:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D0B570C-E90F-4AE1-80F5-1083DB612F1D\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN96783542/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.elecom.co.jp/news/security/20210126-01/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

ghsa-4wxc-gch7-6j67

Vulnerability from github

Published

2022-05-24 17:42

Modified

2022-05-24 17:42

Severity

6.5 (Medium) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-20642"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-12T07:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.",
  "id": "GHSA-4wxc-gch7-6j67",
  "modified": "2022-05-24T17:42:04Z",
  "published": "2022-05-24T17:42:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20642"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN96783542/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.elecom.co.jp/news/security/20210126-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL. The following multiple vulnerabilities exist in multiple products provided by Logitec Co., Ltd. -Inappropriate restriction of excessive authentication attempts (CWE-307) - CVE-2021-20635 ・ Cross-site request forgery (CWE-352) - CVE-2021-20636, CVE-2021-20641 • Improper checking or handling for exceptional situations (CWE-703) - CVE-2021-20637, CVE-2021-20642 ・ OS Command injection (CWE-78) - CVE-2021-20638 ・ OS Command injection (CWE-78) - CVE-2021-20639 ・ Buffer overflow (CWE-119) - CVE-2021-20640 CVE-2021-20635 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Kanagawa Institute of Technology Minegishi Takaaki Mr. Okamoto Tsuyoshi Mr CVE-2021-20636, CVE-2021-20637, CVE-2021-20642 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : LAC Co., Ltd. Shuto Kono Mr CVE-2021-20638, CVE-2021-20639, CVE-2021-20640 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tsukamoto Taizo Mr CVE-2021-20641 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : LAC Co., Ltd. Shuto Kono Mr. Techmatrix Corporation Atsuo Sakurai MrThe expected impact depends on each vulnerability, but it may be affected as follows. ・ Wireless of the corresponding device LAN By a third party within reach PIN Is decrypted and the network provided by the device is accessed. - CVE-2021-20635 ・ Of the product Web The user logged in to the admin page has been crafted URL You can unintentionally change the settings of the product by accessing - CVE-2021-20636, CVE-2021-20641 ・ Of the product Web The user logged in to the admin page has been crafted URL Interfering with service operations by accessing (DoS) Be attacked - CVE-2021-20637, CVE-2021-20642 ・ Of the product Web Arbitrary by an attacker with access to the admin page OS Command is executed - CVE-2021-20638, CVE-2021-20639, CVE-2021-20640. A remote attacker could exploit this vulnerability to cause the device to crash

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0483",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "lan-w300n\\/rs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "logitech",
        "version": null
      },
      {
        "model": "lan-w300n/pgrb",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "logitec",
        "version": "(cve-2021-20638, cve-2021-20639, cve-2021-20640)"
      },
      {
        "model": "lan-w300n/pr5b",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "logitec",
        "version": "(cve-2021-20636, cve-2021-20637)"
      },
      {
        "model": "lan-w300n/rs",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "logitec",
        "version": "(cve-2021-20641, cve-2021-20642)"
      },
      {
        "model": "lan-wh450n/gr",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "logitec",
        "version": "(cve-2021-20635)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20642"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:logitech:lan-w300n\\/rs_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:logitech:lan-w300n\\/rs:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-20642"
      }
    ]
  },
  "cve": "CVE-2021-20642",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.2,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000010",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 2.4,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 3.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000010",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000010",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 2.6,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000010",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000010",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 2.4,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000010",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000010",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "Low",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000010",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2021-000010",
            "trust": 4.8,
            "value": "Medium"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-20642",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202101-2377",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2377"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL. The following multiple vulnerabilities exist in multiple products provided by Logitec Co., Ltd. -Inappropriate restriction of excessive authentication attempts (CWE-307) - CVE-2021-20635 \u30fb Cross-site request forgery (CWE-352) - CVE-2021-20636, CVE-2021-20641 \u2022 Improper checking or handling for exceptional situations (CWE-703) - CVE-2021-20637, CVE-2021-20642 \u30fb OS Command injection (CWE-78) - CVE-2021-20638 \u30fb OS Command injection (CWE-78) - CVE-2021-20639 \u30fb Buffer overflow (CWE-119) - CVE-2021-20640 CVE-2021-20635 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Kanagawa Institute of Technology Minegishi Takaaki Mr. Okamoto Tsuyoshi Mr CVE-2021-20636, CVE-2021-20637, CVE-2021-20642 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : LAC Co., Ltd. Shuto Kono Mr CVE-2021-20638, CVE-2021-20639, CVE-2021-20640 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tsukamoto Taizo Mr CVE-2021-20641 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : LAC Co., Ltd. Shuto Kono Mr. Techmatrix Corporation Atsuo Sakurai MrThe expected impact depends on each vulnerability, but it may be affected as follows. \u30fb Wireless of the corresponding device LAN By a third party within reach PIN Is decrypted and the network provided by the device is accessed. - CVE-2021-20635 \u30fb Of the product Web The user logged in to the admin page has been crafted URL You can unintentionally change the settings of the product by accessing - CVE-2021-20636, CVE-2021-20641 \u30fb Of the product Web The user logged in to the admin page has been crafted URL Interfering with service operations by accessing (DoS) Be attacked - CVE-2021-20637, CVE-2021-20642 \u30fb Of the product Web Arbitrary by an attacker with access to the admin page OS Command is executed - CVE-2021-20638, CVE-2021-20639, CVE-2021-20640. A remote attacker could exploit this vulnerability to cause the device to crash",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-20642"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-20642"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-20642",
        "trust": 2.5
      },
      {
        "db": "JVN",
        "id": "JVN96783542",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2377",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-20642",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-20642"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2377"
      }
    ]
  },
  "id": "VAR-202102-0483",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.47569445
  },
  "last_update_date": "2023-12-18T12:27:01.821000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "\u7121\u7ddaLAN\u30eb\u30fc\u30bf\u30fc\u306a\u3069\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u88fd\u54c1\u306e\u4e00\u90e8\u306b\u304a\u3051\u308b\u8106\u5f31\u6027\u306b\u95a2\u3057\u3066",
        "trust": 0.8,
        "url": "https://www.elecom.co.jp/news/security/20210126-01/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-78",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-352",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-287",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20642"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://jvn.jp/en/jp/jvn96783542/index.html"
      },
      {
        "trust": 1.6,
        "url": "https://www.elecom.co.jp/news/security/20210126-01/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20641"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20642"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20635"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20636"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20637"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20638"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20639"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20640"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/jp/jvn96783542/index.html"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20642"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000010.html"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195620"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-20642"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2377"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2021-20642"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2377"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-20642"
      },
      {
        "date": "2021-01-26T03:17:11",
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "date": "2021-02-12T07:15:14.937000",
        "db": "NVD",
        "id": "CVE-2021-20642"
      },
      {
        "date": "2021-01-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-2377"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-20642"
      },
      {
        "date": "2021-01-26T03:17:11",
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "date": "2022-05-03T16:04:40.443000",
        "db": "NVD",
        "id": "CVE-2021-20642"
      },
      {
        "date": "2022-05-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-2377"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2377"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in multiple Logitec products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2377"
      }
    ],
    "trust": 0.6
  }
}

CVE-2021-20642

Vulnerability from jvndb

Published

2021-01-26 16:26

Modified

2021-01-26 16:26

Severity

6.8 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in multiple LOGITEC products

Details

Multiple products provided by LOGITEC CORPORATION contain multiple vulnerabilities. *Improper restriction of excessive authentication attempts (CWE-307) - CVE-2021-20635 *Cross-site request forgery (CWE-352) - CVE-2021-20636, CVE-2021-20641 *Improper check or handling of exceptional conditions (CWE-703) - CVE-2021-20637, CVE-2021-20642 *OS command injection (CWE-78) - CVE-2021-20638 *OS command injection (CWE-78) - CVE-2021-20639 *Buffer overflow (CWE-119) - CVE-2021-20640 CVE-2021-20635 Takaaki Minegishi and Takeshi Okamoto of Kanagawa Institute of Technology reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20636, CVE-2021-20637, CVE-2021-20642 Shuto Imai of LAC Co., Ltd. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20638, CVE-2021-20639, CVE-2021-20640 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type	URL
JVN	https://jvn.jp/en/jp/JVN96783542/index.html
CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20635
CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20636
CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20637
CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20638
CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20639
CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20640
CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20641
CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20642
NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20635
NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20636
NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20637
NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20638
NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20639
NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20640
NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20641
NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20642
Buffer Errors(CWE-119)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Improper Authentication(CWE-287)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Cross-Site Request Forgery(CWE-352)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor	Product
Logitec Corp.	LAN-W300N/PGRB
Logitec Corp.	LAN-W300N/PR5B
Logitec Corp.	LAN-W300N/RS firmware
Logitec Corp.	LAN-WH450N/GR

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000010.html",
  "dc:date": "2021-01-26T16:26+09:00",
  "dcterms:issued": "2021-01-26T16:26+09:00",
  "dcterms:modified": "2021-01-26T16:26+09:00",
  "description": "Multiple products provided by LOGITEC CORPORATION contain multiple vulnerabilities.\r\n\r\n*Improper restriction of excessive authentication attempts (CWE-307) - CVE-2021-20635\r\n*Cross-site request forgery (CWE-352) - CVE-2021-20636, CVE-2021-20641\r\n*Improper check or handling of exceptional conditions (CWE-703) - CVE-2021-20637, CVE-2021-20642\r\n*OS command injection (CWE-78) - CVE-2021-20638\r\n*OS command injection (CWE-78) - CVE-2021-20639\r\n*Buffer overflow (CWE-119) - CVE-2021-20640\r\n\r\nCVE-2021-20635\r\nTakaaki Minegishi and Takeshi Okamoto of Kanagawa Institute of Technology reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20636, CVE-2021-20637, CVE-2021-20642\r\nShuto Imai of LAC Co., Ltd. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20638, CVE-2021-20639, CVE-2021-20640\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000010.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:logitec:lan-w300n%2fpgrb_firmware",
      "@product": "LAN-W300N/PGRB",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-w300n%2fpr5b_firmware",
      "@product": "LAN-W300N/PR5B",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-w300n%2frs_firmware",
      "@product": "LAN-W300N/RS firmware",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-wh450n%2fgr_firmware",
      "@product": "LAN-WH450N/GR",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.2",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000010",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN96783542/index.html",
      "@id": "JVN#96783542",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20635",
      "@id": "CVE-2021-20635",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20636",
      "@id": "CVE-2021-20636",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20637",
      "@id": "CVE-2021-20637",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20638",
      "@id": "CVE-2021-20638",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20639",
      "@id": "CVE-2021-20639",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20640",
      "@id": "CVE-2021-20640",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20641",
      "@id": "CVE-2021-20641",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20642",
      "@id": "CVE-2021-20642",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20635",
      "@id": "CVE-2021-20635",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20636",
      "@id": "CVE-2021-20636",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20637",
      "@id": "CVE-2021-20637",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20638",
      "@id": "CVE-2021-20638",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20639",
      "@id": "CVE-2021-20639",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20640",
      "@id": "CVE-2021-20640",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20641",
      "@id": "CVE-2021-20641",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20642",
      "@id": "CVE-2021-20642",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-119",
      "@title": "Buffer Errors(CWE-119)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-287",
      "@title": "Improper Authentication(CWE-287)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in multiple LOGITEC products"
}

gsd-2021-20642

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.

Aliases

CVE-2021-20642

Aliases

CVE-2021-20642

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-20642",
    "description": "Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.",
    "id": "GSD-2021-20642"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-20642"
      ],
      "details": "Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.",
      "id": "GSD-2021-20642",
      "modified": "2023-12-13T01:23:12.321482Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2021-20642",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "LAN-W300N/RS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "LAN-W300N/RS"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "LOGITEC CORPORATION"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper check or handling of exceptional conditions"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.elecom.co.jp/news/security/20210126-01/",
            "refsource": "MISC",
            "url": "https://www.elecom.co.jp/news/security/20210126-01/"
          },
          {
            "name": "https://jvn.jp/en/jp/JVN96783542/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/jp/JVN96783542/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:logitech:lan-w300n\\/rs_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:logitech:lan-w300n\\/rs:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20642"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-755"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.elecom.co.jp/news/security/20210126-01/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.elecom.co.jp/news/security/20210126-01/"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN96783542/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN96783542/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-02-10T19:47Z",
      "publishedDate": "2021-02-12T07:15Z"
    }
  }
}

Action not permitted

CVE-2021-20642

Vulnerability from cvelistv5

ghsa-4wxc-gch7-6j67

Vulnerability from github

var-202102-0483

Vulnerability from variot

CVE-2021-20642

Vulnerability from jvndb

gsd-2021-20642

Vulnerability from gsd

Tags