cvelistv5 - cve-2021-20635

CVE-2021-20635 (GCVE-0-2021-20635)

Vulnerability from cvelistv5 – Published: 2021-02-12 06:15 – Updated: 2024-08-03 17:45

Summary

Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network.

Severity ?

No CVSS data available.

CWE

Improper restriction of excessive authentication attempts

Assigner

jpcert

References

URL

	Vendor	Product	Version
	LOGITEC CORPORATION	LAN-WH450N/GR	Affected: LAN-WH450N/GR

VAR-202102-0476

Vulnerability from variot - Updated: 2023-12-18 12:27

Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network. The following multiple vulnerabilities exist in multiple products provided by Logitec Co., Ltd. -Inappropriate restriction of excessive authentication attempts (CWE-307) - CVE-2021-20635 ・ Cross-site request forgery (CWE-352) - CVE-2021-20636, CVE-2021-20641 • Improper checking or handling for exceptional situations (CWE-703) - CVE-2021-20637, CVE-2021-20642 ・ OS Command injection (CWE-78) - CVE-2021-20638 ・ OS Command injection (CWE-78) - CVE-2021-20639 ・ Buffer overflow (CWE-119) - CVE-2021-20640 CVE-2021-20635 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Kanagawa Institute of Technology Minegishi Takaaki Mr. Okamoto Tsuyoshi Mr CVE-2021-20636, CVE-2021-20637, CVE-2021-20642 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : LAC Co., Ltd. Shuto Kono Mr CVE-2021-20638, CVE-2021-20639, CVE-2021-20640 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tsukamoto Taizo Mr CVE-2021-20641 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : LAC Co., Ltd. Shuto Kono Mr. Techmatrix Corporation Atsuo Sakurai MrThe expected impact depends on each vulnerability, but it may be affected as follows. ・ Wireless of the corresponding device LAN By a third party within reach PIN Is decrypted and the network provided by the device is accessed. - CVE-2021-20635 ・ Of the product Web The user logged in to the admin page has been crafted URL You can unintentionally change the settings of the product by accessing - CVE-2021-20636, CVE-2021-20641 ・ Of the product Web The user logged in to the admin page has been crafted URL Interfering with service operations by accessing (DoS) Be attacked - CVE-2021-20637, CVE-2021-20642 ・ Of the product Web Arbitrary by an attacker with access to the admin page OS Command is executed - CVE-2021-20638, CVE-2021-20639, CVE-2021-20640

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0476",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "lan-wh450n\\/gr",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "logitech",
        "version": null
      },
      {
        "model": "lan-w300n/pgrb",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "logitec",
        "version": "(cve-2021-20638, cve-2021-20639, cve-2021-20640)"
      },
      {
        "model": "lan-w300n/pr5b",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "logitec",
        "version": "(cve-2021-20636, cve-2021-20637)"
      },
      {
        "model": "lan-w300n/rs",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "logitec",
        "version": "(cve-2021-20641, cve-2021-20642)"
      },
      {
        "model": "lan-wh450n/gr",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "logitec",
        "version": "(cve-2021-20635)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20635"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:logitech:lan-wh450n\\/gr_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:logitech:lan-wh450n\\/gr:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-20635"
      }
    ]
  },
  "cve": "CVE-2021-20635",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.2,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000010",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 2.4,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 3.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000010",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000010",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 2.6,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000010",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CVE-2021-20635",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "LOW",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000010",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 2.4,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000010",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000010",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "Low",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000010",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2021-000010",
            "trust": 4.8,
            "value": "Medium"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-20635",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202101-2387",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-20635",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-20635"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20635"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2387"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network. The following multiple vulnerabilities exist in multiple products provided by Logitec Co., Ltd. -Inappropriate restriction of excessive authentication attempts (CWE-307) - CVE-2021-20635 \u30fb Cross-site request forgery (CWE-352) - CVE-2021-20636, CVE-2021-20641 \u2022 Improper checking or handling for exceptional situations (CWE-703) - CVE-2021-20637, CVE-2021-20642 \u30fb OS Command injection (CWE-78) - CVE-2021-20638 \u30fb OS Command injection (CWE-78) - CVE-2021-20639 \u30fb Buffer overflow (CWE-119) - CVE-2021-20640 CVE-2021-20635 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Kanagawa Institute of Technology Minegishi Takaaki Mr. Okamoto Tsuyoshi Mr CVE-2021-20636, CVE-2021-20637, CVE-2021-20642 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : LAC Co., Ltd. Shuto Kono Mr CVE-2021-20638, CVE-2021-20639, CVE-2021-20640 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tsukamoto Taizo Mr CVE-2021-20641 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : LAC Co., Ltd. Shuto Kono Mr. Techmatrix Corporation Atsuo Sakurai MrThe expected impact depends on each vulnerability, but it may be affected as follows. \u30fb Wireless of the corresponding device LAN By a third party within reach PIN Is decrypted and the network provided by the device is accessed. - CVE-2021-20635 \u30fb Of the product Web The user logged in to the admin page has been crafted URL You can unintentionally change the settings of the product by accessing - CVE-2021-20636, CVE-2021-20641 \u30fb Of the product Web The user logged in to the admin page has been crafted URL Interfering with service operations by accessing (DoS) Be attacked - CVE-2021-20637, CVE-2021-20642 \u30fb Of the product Web Arbitrary by an attacker with access to the admin page OS Command is executed - CVE-2021-20638, CVE-2021-20639, CVE-2021-20640",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-20635"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-20635"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JVN",
        "id": "JVN96783542",
        "trust": 2.5
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20635",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2387",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-20635",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-20635"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20635"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2387"
      }
    ]
  },
  "id": "VAR-202102-0476",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.47569445
  },
  "last_update_date": "2023-12-18T12:27:01.713000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "\u7121\u7ddaLAN\u30eb\u30fc\u30bf\u30fc\u306a\u3069\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u88fd\u54c1\u306e\u4e00\u90e8\u306b\u304a\u3051\u308b\u8106\u5f31\u6027\u306b\u95a2\u3057\u3066",
        "trust": 0.8,
        "url": "https://www.elecom.co.jp/news/security/20210126-01/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-307",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-78",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-352",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-287",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20635"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://jvn.jp/en/jp/jvn96783542/index.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.elecom.co.jp/news/security/20210126-01/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20641"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20642"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20635"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20636"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20637"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20638"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20639"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20640"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/jp/jvn96783542/index.html"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000010.html"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20635"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/307.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-20635"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20635"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2387"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2021-20635"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20635"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2387"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-20635"
      },
      {
        "date": "2021-01-26T03:17:11",
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "date": "2021-02-12T07:15:14.187000",
        "db": "NVD",
        "id": "CVE-2021-20635"
      },
      {
        "date": "2021-01-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-2387"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-20635"
      },
      {
        "date": "2021-01-26T03:17:11",
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      },
      {
        "date": "2022-02-10T19:47:51.960000",
        "db": "NVD",
        "id": "CVE-2021-20635"
      },
      {
        "date": "2021-02-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-2387"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2387"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in multiple Logitec products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000010"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2387"
      }
    ],
    "trust": 0.6
  }
}

JVNDB-2021-000010

Vulnerability from jvndb - Published: 2021-01-26 16:26 - Updated:2021-01-26 16:26

Severity ?

6.8 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in multiple LOGITEC products

Details

Multiple products provided by LOGITEC CORPORATION contain multiple vulnerabilities. *Improper restriction of excessive authentication attempts (CWE-307) - CVE-2021-20635 *Cross-site request forgery (CWE-352) - CVE-2021-20636, CVE-2021-20641 *Improper check or handling of exceptional conditions (CWE-703) - CVE-2021-20637, CVE-2021-20642 *OS command injection (CWE-78) - CVE-2021-20638 *OS command injection (CWE-78) - CVE-2021-20639 *Buffer overflow (CWE-119) - CVE-2021-20640 CVE-2021-20635 Takaaki Minegishi and Takeshi Okamoto of Kanagawa Institute of Technology reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20636, CVE-2021-20637, CVE-2021-20642 Shuto Imai of LAC Co., Ltd. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20638, CVE-2021-20639, CVE-2021-20640 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN96783542/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20635
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20636
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20637
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20638
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20639
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20640
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20641
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20642
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20635
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20636
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20637
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20638
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20639
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20640
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20641
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20642
	Buffer Errors(CWE-119)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Improper Authentication(CWE-287)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-Site Request Forgery(CWE-352)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Logitec Corp.	LAN-W300N/PGRB
	Logitec Corp.	LAN-W300N/PR5B
	Logitec Corp.	LAN-W300N/RS firmware
	Logitec Corp.	LAN-WH450N/GR

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000010.html",
  "dc:date": "2021-01-26T16:26+09:00",
  "dcterms:issued": "2021-01-26T16:26+09:00",
  "dcterms:modified": "2021-01-26T16:26+09:00",
  "description": "Multiple products provided by LOGITEC CORPORATION contain multiple vulnerabilities.\r\n\r\n*Improper restriction of excessive authentication attempts (CWE-307) - CVE-2021-20635\r\n*Cross-site request forgery (CWE-352) - CVE-2021-20636, CVE-2021-20641\r\n*Improper check or handling of exceptional conditions (CWE-703) - CVE-2021-20637, CVE-2021-20642\r\n*OS command injection (CWE-78) - CVE-2021-20638\r\n*OS command injection (CWE-78) - CVE-2021-20639\r\n*Buffer overflow (CWE-119) - CVE-2021-20640\r\n\r\nCVE-2021-20635\r\nTakaaki Minegishi and Takeshi Okamoto of Kanagawa Institute of Technology reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20636, CVE-2021-20637, CVE-2021-20642\r\nShuto Imai of LAC Co., Ltd. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20638, CVE-2021-20639, CVE-2021-20640\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000010.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:logitec:lan-w300n%2fpgrb_firmware",
      "@product": "LAN-W300N/PGRB",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-w300n%2fpr5b_firmware",
      "@product": "LAN-W300N/PR5B",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-w300n%2frs_firmware",
      "@product": "LAN-W300N/RS firmware",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-wh450n%2fgr_firmware",
      "@product": "LAN-WH450N/GR",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.2",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000010",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN96783542/index.html",
      "@id": "JVN#96783542",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20635",
      "@id": "CVE-2021-20635",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20636",
      "@id": "CVE-2021-20636",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20637",
      "@id": "CVE-2021-20637",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20638",
      "@id": "CVE-2021-20638",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20639",
      "@id": "CVE-2021-20639",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20640",
      "@id": "CVE-2021-20640",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20641",
      "@id": "CVE-2021-20641",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20642",
      "@id": "CVE-2021-20642",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20635",
      "@id": "CVE-2021-20635",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20636",
      "@id": "CVE-2021-20636",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20637",
      "@id": "CVE-2021-20637",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20638",
      "@id": "CVE-2021-20638",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20639",
      "@id": "CVE-2021-20639",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20640",
      "@id": "CVE-2021-20640",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20641",
      "@id": "CVE-2021-20641",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20642",
      "@id": "CVE-2021-20642",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-119",
      "@title": "Buffer Errors(CWE-119)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-287",
      "@title": "Improper Authentication(CWE-287)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in multiple LOGITEC products"
}

FKIE_CVE-2021-20635

Vulnerability from fkie_nvd - Published: 2021-02-12 07:15 - Updated: 2024-11-21 05:46

Severity ?

6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network.

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN96783542/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.elecom.co.jp/news/security/20210126-01/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN96783542/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.elecom.co.jp/news/security/20210126-01/	Vendor Advisory

Impacted products

	Vendor	Product	Version
	logitech	lan-wh450n\/gr_firmware	-
	logitech	lan-wh450n\/gr	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:logitech:lan-wh450n\\/gr_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE2CE6A-6FEB-4A13-B91B-CD58764FD7EF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:logitech:lan-wh450n\\/gr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2D25A96-B85F-44DC-AE8E-6B5288DD6785",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network."
    },
    {
      "lang": "es",
      "value": "Una restricci\u00f3n inapropiada de intentos de autenticaci\u00f3n excesivos en LOGITEC LAN-WH450N/GR, permite a un atacante en el alcance inal\u00e1mbrico del dispositivo recuperar el PIN y acceder a la red"
    }
  ],
  "id": "CVE-2021-20635",
  "lastModified": "2024-11-21T05:46:55.080",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-12T07:15:14.187",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN96783542/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.elecom.co.jp/news/security/20210126-01/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN96783542/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.elecom.co.jp/news/security/20210126-01/"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-307"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2021-20635

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network.

Aliases

CVE-2021-20635

Aliases

CVE-2021-20635

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-20635",
    "description": "Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network.",
    "id": "GSD-2021-20635"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-20635"
      ],
      "details": "Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network.",
      "id": "GSD-2021-20635",
      "modified": "2023-12-13T01:23:12.599463Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2021-20635",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "LAN-WH450N/GR",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "LAN-WH450N/GR"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "LOGITEC CORPORATION"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper restriction of excessive authentication attempts"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.elecom.co.jp/news/security/20210126-01/",
            "refsource": "MISC",
            "url": "https://www.elecom.co.jp/news/security/20210126-01/"
          },
          {
            "name": "https://jvn.jp/en/jp/JVN96783542/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/jp/JVN96783542/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:logitech:lan-wh450n\\/gr_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:logitech:lan-wh450n\\/gr:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20635"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-307"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.elecom.co.jp/news/security/20210126-01/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.elecom.co.jp/news/security/20210126-01/"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN96783542/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN96783542/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-02-10T19:47Z",
      "publishedDate": "2021-02-12T07:15Z"
    }
  }
}

GHSA-3WC6-Q483-GP6R

Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42

Details

Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-20635"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-307"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-12T07:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network.",
  "id": "GHSA-3wc6-q483-gp6r",
  "modified": "2022-05-24T17:42:04Z",
  "published": "2022-05-24T17:42:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20635"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN96783542/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.elecom.co.jp/news/security/20210126-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-20635 (GCVE-0-2021-20635)

VAR-202102-0476

JVNDB-2021-000010

FKIE_CVE-2021-20635

GSD-2021-20635

GHSA-3WC6-Q483-GP6R

Tags

Sightings

Nomenclature