CVSS: 5.7EPSS: 0%CPEs: 16EXPL: 0CVE-2021-20844
https://notcve.org/view.php?id=CVE-2021-20844
24 Nov 2021 — Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page. Una neutralización inapropiada de los encabezados de peticiones HTTP para la sintaxis de scripts en la interfaz gráfica de usuario de la web de RTX830 Rev.15.02.17 y ant... • http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 5.4EPSS: 0%CPEs: 16EXPL: 0CVE-2021-20843
https://notcve.org/view.php?id=CVE-2021-20843
24 Nov 2021 — Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page. Una vulnerabilidad de inclusión de scripts en la interfaz gráfica de usuario de RTX830 Rev.15.02.17 y anteriores, NVR510 Rev.15.01.18 y anteriores, NVR700W Rev.15.00.19 y anteriores, y RTX1210 Rev.14.01.38... • http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •