CVE-2021-20844
Severity Score
5.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.
Una neutralización inapropiada de los encabezados de peticiones HTTP para la sintaxis de scripts en la interfaz gráfica de usuario de la web de RTX830 Rev.15.02.17 y anteriores, NVR510 Rev.15.01.18 y anteriores, NVR700W Rev.15.00.19 y anteriores, y RTX1210 Rev.14.01.38 y anteriores permite a un atacante remoto autenticado obtener información confidencial por medio de una página web especialmente diseñada
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-12-17 CVE Reserved
- 2021-11-24 CVE Published
- 2023-10-11 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-116: Improper Encoding or Escaping of Output
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://jvn.jp/en/vu/JVNVU91161784/index.html | Mitigation |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html | 2021-11-30 | |
| https://business.ntt-east.co.jp/topics/2021/11_09.html | 2021-11-30 | |
| https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html | 2021-11-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Yamaha Search vendor "Yamaha" | Rtx830 Firmware Search vendor "Yamaha" for product "Rtx830 Firmware" | <= 15.02.17 Search vendor "Yamaha" for product "Rtx830 Firmware" and version " <= 15.02.17" | - |
Affected
| in | Yamaha Search vendor "Yamaha" | Rtx830 Search vendor "Yamaha" for product "Rtx830" | - | - |
Safe
|
| Yamaha Search vendor "Yamaha" | Nvr510 Firmware Search vendor "Yamaha" for product "Nvr510 Firmware" | <= 15.01.18 Search vendor "Yamaha" for product "Nvr510 Firmware" and version " <= 15.01.18" | - |
Affected
| in | Yamaha Search vendor "Yamaha" | Nvr510 Search vendor "Yamaha" for product "Nvr510" | - | - |
Safe
|
| Yamaha Search vendor "Yamaha" | Nvr700w Firmware Search vendor "Yamaha" for product "Nvr700w Firmware" | <= 15.00.19 Search vendor "Yamaha" for product "Nvr700w Firmware" and version " <= 15.00.19" | - |
Affected
| in | Yamaha Search vendor "Yamaha" | Nvr700w Search vendor "Yamaha" for product "Nvr700w" | - | - |
Safe
|
| Yamaha Search vendor "Yamaha" | Rtx1210 Firmware Search vendor "Yamaha" for product "Rtx1210 Firmware" | <= 14.01.38 Search vendor "Yamaha" for product "Rtx1210 Firmware" and version " <= 14.01.38" | - |
Affected
| in | Yamaha Search vendor "Yamaha" | Rtx1210 Search vendor "Yamaha" for product "Rtx1210" | - | - |
Safe
|
| Ntt-west Search vendor "Ntt-west" | Biz Box Rtx830 Firmware Search vendor "Ntt-west" for product "Biz Box Rtx830 Firmware" | <= 15.02.17 Search vendor "Ntt-west" for product "Biz Box Rtx830 Firmware" and version " <= 15.02.17" | - |
Affected
| in | Ntt-west Search vendor "Ntt-west" | Biz Box Rtx830 Search vendor "Ntt-west" for product "Biz Box Rtx830" | - | - |
Safe
|
| Ntt-west Search vendor "Ntt-west" | Biz Box Nvr510 Firmware Search vendor "Ntt-west" for product "Biz Box Nvr510 Firmware" | < 15.01.18 Search vendor "Ntt-west" for product "Biz Box Nvr510 Firmware" and version " < 15.01.18" | - |
Affected
| in | Ntt-west Search vendor "Ntt-west" | Biz Box Nvr510 Search vendor "Ntt-west" for product "Biz Box Nvr510" | - | - |
Safe
|
| Ntt-west Search vendor "Ntt-west" | Biz Box Nvr700w Firmware Search vendor "Ntt-west" for product "Biz Box Nvr700w Firmware" | <= 15.00.19 Search vendor "Ntt-west" for product "Biz Box Nvr700w Firmware" and version " <= 15.00.19" | - |
Affected
| in | Ntt-west Search vendor "Ntt-west" | Biz Box Nvr700w Search vendor "Ntt-west" for product "Biz Box Nvr700w" | - | - |
Safe
|
| Ntt-west Search vendor "Ntt-west" | Biz Box Rtx1210 Firmware Search vendor "Ntt-west" for product "Biz Box Rtx1210 Firmware" | <= 14.01.38 Search vendor "Ntt-west" for product "Biz Box Rtx1210 Firmware" and version " <= 14.01.38" | - |
Affected
| in | Ntt-west Search vendor "Ntt-west" | Biz Box Rtx1210 Search vendor "Ntt-west" for product "Biz Box Rtx1210" | - | - |
Safe
|