CVE-2021-20843
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/11/2021
Last modified:
30/11/2021
Description
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:yamaha:rtx830_firmware:*:*:*:*:*:*:*:* | 15.02.17 (including) | |
cpe:2.3:h:yamaha:rtx830:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:yamaha:nvr510_firmware:*:*:*:*:*:*:*:* | 15.01.18 (including) | |
cpe:2.3:h:yamaha:nvr510:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:yamaha:nvr700w_firmware:*:*:*:*:*:*:*:* | 15.00.19 (including) | |
cpe:2.3:h:yamaha:nvr700w:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:yamaha:rtx1210_firmware:*:*:*:*:*:*:*:* | 14.01.38 (including) | |
cpe:2.3:h:yamaha:rtx1210:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:ntt-west:biz_box_rtx830_firmware:*:*:*:*:*:*:*:* | 15.02.17 (including) | |
cpe:2.3:h:ntt-west:biz_box_rtx830:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:ntt-west:biz_box_nvr510_firmware:*:*:*:*:*:*:*:* | 15.01.18 (excluding) | |
cpe:2.3:h:ntt-west:biz_box_nvr510:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:ntt-west:biz_box_nvr700w_firmware:*:*:*:*:*:*:*:* | 15.00.19 (including) | |
cpe:2.3:h:ntt-west:biz_box_nvr700w:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:ntt-west:biz_box_rtx1210_firmware:*:*:*:*:*:*:*:* | 14.01.38 (including) |
To consult the complete list of CPE names with products and versions, see this page