CVE-2021-20621

{"id": "CVE-2021-20621", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-01-28T11:15:13.793", "references": [{"url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/en/jp/JVN38248512/index.html", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://www.aterm.jp/support/tech/2019/0328.html", "tags": ["Patch", "Vendor Advisory"], "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de tipo Cross-site request forgery (CSRF) en Aterm WG2600HP firmware versiones 1.0.2 y anteriores, y Aterm WG2600HP2 firmware versiones 1.0.2 y anteriores, permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores por medio de vectores no especificados"}], "lastModified": "2021-02-01T18:22:05.780", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:aterm:wg2600hp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28520885-3EFD-483A-9304-7C6654DAE4D1", "versionEndIncluding": "1.0.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:aterm:wg2600hp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F004958D-AEE0-4F45-BE7D-1B23012BB165"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:aterm:wg2600hp2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A025B5DB-64C5-4DF3-9C29-898E5039A642", "versionEndIncluding": "1.0.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:aterm:wg2600hp2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "261CC711-5970-41E2-89C9-A964453ABECD"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vultures@jpcert.or.jp"}