CVE-2021-20843

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/11/2021
Last modified:
30/11/2021

Description

Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:yamaha:rtx830_firmware:*:*:*:*:*:*:*:* 15.02.17 (including)
cpe:2.3:h:yamaha:rtx830:-:*:*:*:*:*:*:*
cpe:2.3:o:yamaha:nvr510_firmware:*:*:*:*:*:*:*:* 15.01.18 (including)
cpe:2.3:h:yamaha:nvr510:-:*:*:*:*:*:*:*
cpe:2.3:o:yamaha:nvr700w_firmware:*:*:*:*:*:*:*:* 15.00.19 (including)
cpe:2.3:h:yamaha:nvr700w:-:*:*:*:*:*:*:*
cpe:2.3:o:yamaha:rtx1210_firmware:*:*:*:*:*:*:*:* 14.01.38 (including)
cpe:2.3:h:yamaha:rtx1210:-:*:*:*:*:*:*:*
cpe:2.3:o:ntt-west:biz_box_rtx830_firmware:*:*:*:*:*:*:*:* 15.02.17 (including)
cpe:2.3:h:ntt-west:biz_box_rtx830:-:*:*:*:*:*:*:*
cpe:2.3:o:ntt-west:biz_box_nvr510_firmware:*:*:*:*:*:*:*:* 15.01.18 (excluding)
cpe:2.3:h:ntt-west:biz_box_nvr510:-:*:*:*:*:*:*:*
cpe:2.3:o:ntt-west:biz_box_nvr700w_firmware:*:*:*:*:*:*:*:* 15.00.19 (including)
cpe:2.3:h:ntt-west:biz_box_nvr700w:-:*:*:*:*:*:*:*
cpe:2.3:o:ntt-west:biz_box_rtx1210_firmware:*:*:*:*:*:*:*:* 14.01.38 (including)