Vulnerability-Lookup

CVE-2021-20659 (GCVE-0-2021-20659)

Vulnerability from cvelistv5 – Published: 2021-02-24 03:51 – Updated: 2024-08-03 17:45

Summary

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.

Severity

No CVSS data available.

CWE

Unrestricted upload of file with dangerous type

Assigner

jpcert

References

3 references

URL	Tags
https://www.contec.com/jp/api/downloadlogger?down…	x_refsource_MISC
https://www.contec.com/jp/download/contract/contr…	x_refsource_MISC
https://jvn.jp/en/jp/JVN37417423/index.html	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Contec Co., Ltd.	SolarView Compact	Affected: SV-CPT-MC310 prior to Ver.6.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:45.371Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SolarView Compact",
          "vendor": "Contec Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "SV-CPT-MC310 prior to Ver.6.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unrestricted upload of file with dangerous type",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-24T03:51:46.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20659",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SolarView Compact",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SV-CPT-MC310 prior to Ver.6.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Contec Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unrestricted upload of file with dangerous type"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
              "refsource": "MISC",
              "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
            },
            {
              "name": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
              "refsource": "MISC",
              "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN37417423/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20659",
    "datePublished": "2021-02-24T03:51:46.000Z",
    "dateReserved": "2020-12-17T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:45:45.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-20659",
      "date": "2026-05-31",
      "epss": "0.01566",
      "percentile": "0.81818"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:contec:sv-cpt-mc310_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.5\", \"matchCriteriaId\": \"F8EF2969-D593-4759-849A-FA0C3B0C7524\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:contec:sv-cpt-mc310:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9FCCA5E-19F8-47D9-A6C6-77AF2AEFD51A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.\"}, {\"lang\": \"es\", \"value\": \"SolarView Compact SV-CPT-MC310 versiones anteriores a Ver.6.5, permite a un atacante autenticado cargar archivos arbitrarios por medio de vectores no especificados.\u0026#xa0;Si el archivo es un script PHP, un atacante puede ejecutar c\\u00f3digo arbitrario\"}]",
      "id": "CVE-2021-20659",
      "lastModified": "2024-11-21T05:46:57.680",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-02-24T12:15:22.923",
      "references": "[{\"url\": \"https://jvn.jp/en/jp/JVN37417423/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN37417423/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-434\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-20659\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2021-02-24T12:15:22.923\",\"lastModified\":\"2024-11-21T05:46:57.680\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.\"},{\"lang\":\"es\",\"value\":\"SolarView Compact SV-CPT-MC310 versiones anteriores a Ver.6.5, permite a un atacante autenticado cargar archivos arbitrarios por medio de vectores no especificados.\u0026#xa0;Si el archivo es un script PHP, un atacante puede ejecutar c\u00f3digo arbitrario\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:contec:sv-cpt-mc310_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.5\",\"matchCriteriaId\":\"F8EF2969-D593-4759-849A-FA0C3B0C7524\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:contec:sv-cpt-mc310:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9FCCA5E-19F8-47D9-A6C6-77AF2AEFD51A\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN37417423/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN37417423/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2021-56809

Vulnerability from cnvd - Published: 2021-07-30

Title

Kangtaike SolarView Compact SV-CPT-MC310任意文件上传漏洞

Description

Kangtaike SolarView Compact是日本Kangtaike公司的一个应用系统。提供光伏发电测量系统。 Kangtaike SolarView Compact SV-CPT-MC310存在任意文件上传漏洞，攻击者可利用该漏洞通过未指定的载体上传任意文件。

Severity

中

Patch Name

Kangtaike SolarView Compact SV-CPT-MC310任意文件上传漏洞的补丁

Patch Description

Kangtaike SolarView Compact是日本Kangtaike公司的一个应用系统。提供光伏发电测量系统。 Kangtaike SolarView Compact SV-CPT-MC310存在任意文件上传漏洞，攻击者可利用该漏洞通过未指定的载体上传任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf

Reference

https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000016.html

Impacted products

Name
Kangtaike SolarView Compact SV-CPT-MC310 <6.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-20659",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-20659"
    }
  },
  "description": "Kangtaike SolarView Compact\u662f\u65e5\u672cKangtaike\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u7cfb\u7edf\u3002\u63d0\u4f9b\u5149\u4f0f\u53d1\u7535\u6d4b\u91cf\u7cfb\u7edf\u3002\n\nKangtaike SolarView Compact SV-CPT-MC310\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u672a\u6307\u5b9a\u7684\u8f7d\u4f53\u4e0a\u4f20\u4efb\u610f\u6587\u4ef6\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-56809",
  "openTime": "2021-07-30",
  "patchDescription": "Kangtaike SolarView Compact\u662f\u65e5\u672cKangtaike\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u7cfb\u7edf\u3002\u63d0\u4f9b\u5149\u4f0f\u53d1\u7535\u6d4b\u91cf\u7cfb\u7edf\u3002\r\n\r\nKangtaike SolarView Compact SV-CPT-MC310\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u672a\u6307\u5b9a\u7684\u8f7d\u4f53\u4e0a\u4f20\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Kangtaike SolarView Compact SV-CPT-MC310\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Kangtaike SolarView Compact SV-CPT-MC310 \u003c6.5"
  },
  "referenceLink": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000016.html",
  "serverity": "\u4e2d",
  "submitTime": "2021-02-21",
  "title": "Kangtaike SolarView Compact SV-CPT-MC310\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e"
}

FKIE_CVE-2021-20659

Vulnerability from fkie_nvd - Published: 2021-02-24 12:15 - Updated: 2024-11-21 05:46

Severity

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN37417423/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf	Vendor Advisory
vultures@jpcert.or.jp	https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN37417423/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf	Vendor Advisory

Impacted products

	Vendor	Product	Version
	contec	sv-cpt-mc310_firmware	*
	contec	sv-cpt-mc310	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:contec:sv-cpt-mc310_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8EF2969-D593-4759-849A-FA0C3B0C7524",
              "versionEndExcluding": "6.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:contec:sv-cpt-mc310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9FCCA5E-19F8-47D9-A6C6-77AF2AEFD51A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code."
    },
    {
      "lang": "es",
      "value": "SolarView Compact SV-CPT-MC310 versiones anteriores a Ver.6.5, permite a un atacante autenticado cargar archivos arbitrarios por medio de vectores no especificados.\u0026#xa0;Si el archivo es un script PHP, un atacante puede ejecutar c\u00f3digo arbitrario"
    }
  ],
  "id": "CVE-2021-20659",
  "lastModified": "2024-11-21T05:46:57.680",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-24T12:15:22.923",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-GX3M-2WCQ-P82X

Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43

Details

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-20659"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-434"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-24T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.",
  "id": "GHSA-gx3m-2wcq-p82x",
  "modified": "2022-05-24T17:43:00Z",
  "published": "2022-05-24T17:43:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20659"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2021-20659

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.

Aliases

CVE-2021-20659

Aliases

CVE-2021-20659

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-20659",
    "description": "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.",
    "id": "GSD-2021-20659"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-20659"
      ],
      "details": "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.",
      "id": "GSD-2021-20659",
      "modified": "2023-12-13T01:23:12.552686Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2021-20659",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SolarView Compact",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "SV-CPT-MC310 prior to Ver.6.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Contec Co., Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Unrestricted upload of file with dangerous type"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
            "refsource": "MISC",
            "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
          },
          {
            "name": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
            "refsource": "MISC",
            "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
          },
          {
            "name": "https://jvn.jp/en/jp/JVN37417423/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:contec:sv-cpt-mc310_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "6.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:contec:sv-cpt-mc310:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20659"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-434"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf"
            },
            {
              "name": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN37417423/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN37417423/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-03-01T16:09Z",
      "publishedDate": "2021-02-24T12:15Z"
    }
  }
}

JVNDB-2021-000016

Vulnerability from jvndb - Published: 2021-02-19 16:44 - Updated:2021-02-25 15:31

Severity

6.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

Multiple vulnerabilities in SolarView Compact

Details

SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. *Exposure of information through directory listing (CWE-548) - CVE-2021-20656 *Improper access control (CWE-284) - CVE-2021-20657 *OS command injection (CWE-78) - CVE-2021-20658 *Unrestricted upload of file with dangerous type (CWE-434) - CVE-2021-20659 *Cross-site scripting (CWE-79) - CVE-2021-20660 *Directory traversal (CWE-23) - CVE-2021-20661 *Missing authentication for critical function (CWE-306) - CVE-2021-20662 *Using components with known vulnerabilities (CWE-1035) - CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324 The product uses previous versions of vsfpd and lighttpd with known vulnerabilities. CVE-2021-20656 Kouichirou Okada, Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20657, CVE-2021-20658 Takayuki Sasak, Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20659, CVE-2021-20660, CVE-2021-20661, CVE-2021-20662 Kouichirou Okada, Takayuki Sasaki, Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Kouichirou Okada, Katsunari Yoshioka of Yokohama National University reported to IPA that CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323 and CVE-2014-2324 vulnerabilities still exist in the product. JPCERT/CC coordinated with the developer.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN37417423/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0762
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4362
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4508
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4559
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4560
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2323
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2324
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20656
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20657
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20658
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20659
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20660
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20661
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20662
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-0762
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-4362
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-4508
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-4559
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-4560
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-2323
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-2324
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20656
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20657
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20658
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20659
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20660
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20661
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20662
	Information Exposure(CWE-200)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Path Traversal(CWE-22)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Contec

SolarView Compact SV-CPT-MC310

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000016.html",
  "dc:date": "2021-02-25T15:31+09:00",
  "dcterms:issued": "2021-02-19T16:44+09:00",
  "dcterms:modified": "2021-02-25T15:31+09:00",
  "description": "SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below.\r\n\r\n*Exposure of information through directory listing (CWE-548) - CVE-2021-20656\r\n*Improper access control (CWE-284) - CVE-2021-20657\r\n*OS command injection (CWE-78) - CVE-2021-20658\r\n*Unrestricted upload of file with dangerous type (CWE-434) - CVE-2021-20659\r\n*Cross-site scripting (CWE-79) - CVE-2021-20660\r\n*Directory traversal (CWE-23) - CVE-2021-20661\r\n*Missing authentication for critical function (CWE-306) - CVE-2021-20662\r\n*Using components with known vulnerabilities (CWE-1035) - CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324\r\nThe product uses previous versions of vsfpd and lighttpd with known vulnerabilities.\r\n\r\nCVE-2021-20656\r\nKouichirou Okada, Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20657, CVE-2021-20658\r\nTakayuki Sasak, Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20659, CVE-2021-20660, CVE-2021-20661, CVE-2021-20662\r\nKouichirou Okada, Takayuki Sasaki, Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nKouichirou Okada, Katsunari Yoshioka of Yokohama National University reported to IPA that CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323 and CVE-2014-2324 vulnerabilities still exist in the product. JPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000016.html",
  "sec:cpe": {
    "#text": "cpe:/o:contec:sv-cpt-mc310_firmware",
    "@product": "SolarView Compact SV-CPT-MC310",
    "@vendor": "Contec",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000016",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN37417423/index.html",
      "@id": "JVN#37417423",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0762",
      "@id": "CVE-2011-0762",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4362",
      "@id": "CVE-2011-4362",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4508",
      "@id": "CVE-2013-4508",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4559",
      "@id": "CVE-2013-4559",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4560",
      "@id": "CVE-2013-4560",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2323",
      "@id": "CVE-2014-2323",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2324",
      "@id": "CVE-2014-2324",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20656",
      "@id": "CVE-2021-20656",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20657",
      "@id": "CVE-2021-20657",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20658",
      "@id": "CVE-2021-20658",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20659",
      "@id": "CVE-2021-20659",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20660",
      "@id": "CVE-2021-20660",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20661",
      "@id": "CVE-2021-20661",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20662",
      "@id": "CVE-2021-20662",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2011-0762",
      "@id": "CVE-2011-0762",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2011-4362",
      "@id": "CVE-2011-4362",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2013-4508",
      "@id": "CVE-2013-4508",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2013-4559",
      "@id": "CVE-2013-4559",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2013-4560",
      "@id": "CVE-2013-4560",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2014-2323",
      "@id": "CVE-2014-2323",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2014-2324",
      "@id": "CVE-2014-2324",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20656",
      "@id": "CVE-2021-20656",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20657",
      "@id": "CVE-2021-20657",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20658",
      "@id": "CVE-2021-20658",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20659",
      "@id": "CVE-2021-20659",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20660",
      "@id": "CVE-2021-20660",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20661",
      "@id": "CVE-2021-20661",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20662",
      "@id": "CVE-2021-20662",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in SolarView Compact"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-20659 (GCVE-0-2021-20659)

CNVD-2021-56809

FKIE_CVE-2021-20659

GHSA-GX3M-2WCQ-P82X

GSD-2021-20659

JVNDB-2021-000016

Tags

Sightings

Nomenclature