Lucene search

[email protected]CVE-2021-20844

HistoryNov 24, 2021 - 4:15 p.m.

CVE-2021-20844

2021-11-2416:15:13

CWE-116

[email protected]

web.nvd.nist.gov

cve-2021-20844

security vulnerability

http headers

scripting syntax

rtx830

nvr510

nvr700w

rtx1210

sensitive information

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.8%

JSON

Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.

Affected configurations

NVD

Node

yamahartx830_firmwareRange≤15.02.17

AND

yamahartx830Match-

Node

yamahanvr510_firmwareRange≤15.01.18

AND

yamahanvr510Match-

Node

yamahanvr700w_firmwareRange≤15.00.19

AND

yamahanvr700wMatch-

Node

yamahartx1210_firmwareRange≤14.01.38

AND

yamahartx1210Match-

Node

ntt-westbiz_box_rtx830_firmwareRange≤15.02.17

AND

ntt-westbiz_box_rtx830Match-

Node

ntt-westbiz_box_nvr510_firmwareRange<15.01.18

AND

ntt-westbiz_box_nvr510Match-

Node

ntt-westbiz_box_nvr700w_firmwareRange≤15.00.19

AND

ntt-westbiz_box_nvr700wMatch-

Node

ntt-westbiz_box_rtx1210_firmwareRange≤14.01.38

AND

ntt-westbiz_box_rtx1210Match-

CPENameOperatorVersion
yamaha:rtx830_firmwareyamaha rtx830 firmwarele15.02.17

CPE	Name	Operator	Version
yamaha:rtx830_firmware	yamaha rtx830 firmware	le	15.02.17

CNA Affected

[
  {
    "product": "RTX830, NVR510, NVR700W, RTX1210",
    "vendor": "Yamaha Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier"
      }
    ]
  }
]

References

www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html

business.ntt-east.co.jp/topics/2021/11_09.html

jvn.jp/en/vu/JVNVU91161784/index.html

www.ntt-west.co.jp/smb/kiki_info/info/211109.html

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.8%

JSON

Related for CVE-2021-20844

cvelist1 nvd1 prion1