CVE Vulnerability

CVE-2021-20844

Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.

3.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

5.7 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html Mitigation Vendor Advisory
https://business.ntt-east.co.jp/topics/2021/11_09.html Mitigation Vendor Advisory
https://jvn.jp/en/vu/JVNVU91161784/index.html Mitigation Third Party Advisory
https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html Mitigation Vendor Advisory
Configurations

Configuration 1
Information

Published : 2021-11-24 04:15

Updated : 2021-11-30 07:12

NVD link : CVE-2021-20844

Mitre link : CVE-2021-20844

Products Affected
No products.
CWE
CWE-116

Improper Encoding or Escaping of Output