Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-20844

Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.

Published

2021-11-24T16:15:13.280

Last Modified

2024-11-21T05:47:16.087

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.7 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

6.8

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-116
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System yamaha rtx830_firmware ≤ 15.02.17 Yes
Hardware yamaha rtx830 - No
Operating System yamaha nvr510_firmware ≤ 15.01.18 Yes
Hardware yamaha nvr510 - No
Operating System yamaha nvr700w_firmware ≤ 15.00.19 Yes
Hardware yamaha nvr700w - No
Operating System yamaha rtx1210_firmware ≤ 14.01.38 Yes
Hardware yamaha rtx1210 - No
Operating System ntt-west biz_box_rtx830_firmware ≤ 15.02.17 Yes
Hardware ntt-west biz_box_rtx830 - No
Operating System ntt-west biz_box_nvr510_firmware < 15.01.18 Yes
Hardware ntt-west biz_box_nvr510 - No
Operating System ntt-west biz_box_nvr700w_firmware ≤ 15.00.19 Yes
Hardware ntt-west biz_box_nvr700w - No
Operating System ntt-west biz_box_rtx1210_firmware ≤ 14.01.38 Yes
Hardware ntt-west biz_box_rtx1210 - No
References