CVE-2021-20844

Sažetak

Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.

Reference

http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html
https://business.ntt-east.co.jp/topics/2021/11_09.html
https://jvn.jp/en/vu/JVNVU91161784/index.html
https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

30-11-2021 - 07:12

Objavljeno

24-11-2021 - 16:15