CVE-2021-20843

{"id": "CVE-2021-20843", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2021-11-24T16:15:13.230", "references": [{"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html", "tags": ["Mitigation", "Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html", "tags": ["Mitigation", "Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html", "tags": ["Mitigation", "Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html", "tags": ["Mitigation", "Vendor Advisory"], "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-829"}]}], "descriptions": [{"lang": "en", "value": "Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page."}, {"lang": "es", "value": "Una vulnerabilidad de inclusi\u00f3n de scripts en la interfaz gr\u00e1fica de usuario de RTX830 Rev.15.02.17 y anteriores, NVR510 Rev.15.01.18 y anteriores, NVR700W Rev.15.00.19 y anteriores, y RTX1210 Rev.14.01.38 y anteriores, permite a un atacante remoto autenticado alterar la configuraci\u00f3n del producto por medio de una p\u00e1gina web especialmente dise\u00f1ada"}], "lastModified": "2021-11-30T07:11:11.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:yamaha:rtx830_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA148A58-912E-448A-97B4-056F2EFE30B0", "versionEndIncluding": "15.02.17"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:yamaha:rtx830:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C585EA2A-C2E0-406E-A785-668C2D8C5D64"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:yamaha:nvr510_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF01C565-EF7D-46C9-9B5C-C6F97F059DA6", "versionEndIncluding": "15.01.18"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:yamaha:nvr510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1F29115C-CBD1-4648-A7BB-616DB70231FD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:yamaha:nvr700w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6679812C-0DC7-408E-8387-35BC4948063D", "versionEndIncluding": "15.00.19"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:yamaha:nvr700w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DF384051-AFEF-4CCD-BC7A-866EC2B87FFA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:yamaha:rtx1210_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "742F40F8-41DC-4E31-8C98-A46015A984B6", "versionEndIncluding": "14.01.38"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:yamaha:rtx1210:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "38ABD757-E916-4DD3-B491-E37EEDEB601C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ntt-west:biz_box_rtx830_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5CADF05-D820-4923-90E8-C7A96DFCBA54", "versionEndIncluding": "15.02.17"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ntt-west:biz_box_rtx830:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4CFEFB4A-C552-4649-B59F-6FB10A79DA84"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ntt-west:biz_box_nvr510_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23D4489C-5BAB-42DF-B5EA-7833527F4A24", "versionEndExcluding": "15.01.18"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ntt-west:biz_box_nvr510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D8659F51-B97F-49BB-9D78-AB9D4DFB9FB2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ntt-west:biz_box_nvr700w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "221F5AFD-8DE5-44D0-8532-AE5895369759", "versionEndIncluding": "15.00.19"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ntt-west:biz_box_nvr700w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "399DC40A-66AE-4B23-83BD-E7CBDD093415"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ntt-west:biz_box_rtx1210_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60517A56-D41C-4931-BBA7-A1AA6058CCC1", "versionEndIncluding": "14.01.38"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ntt-west:biz_box_rtx1210:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DC9E8F0E-8006-4474-9700-3DCAC5A40278"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vultures@jpcert.or.jp"}