Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors.
References
Configurations
Configuration 1 (hide)
AND |
|
History
01 Mar 2021, 15:50
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:contec:sv-cpt-mc310_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:contec:sv-cpt-mc310:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (MISC) https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf - Vendor Advisory | |
References | (MISC) https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf - Vendor Advisory | |
References | (MISC) https://jvn.jp/en/jp/JVN37417423/index.html - Third Party Advisory | |
CWE | CWE-306 |
24 Feb 2021, 12:27
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-24 12:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-20662
Mitre link : CVE-2021-20662
CVE.ORG link : CVE-2021-20662
JSON object : View
Products Affected
contec
- sv-cpt-mc310_firmware
- sv-cpt-mc310
CWE
CWE-306
Missing Authentication for Critical Function