Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.
References
Link | Resource |
---|---|
https://seclists.org/fulldisclosure/2021/Aug/22 | Exploit Mailing List Third Party Advisory |
https://www.netmodule.com | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
27 Aug 2021, 12:35
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://seclists.org/fulldisclosure/2021/Aug/22 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) https://www.netmodule.com - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CPE | cpe:2.3:o:netmodule:nb1601_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netmodule:nb800:-:*:*:*:*:*:*:* cpe:2.3:h:netmodule:nb2710:-:*:*:*:*:*:*:* cpe:2.3:h:netmodule:nb2810:-:*:*:*:*:*:*:* cpe:2.3:h:netmodule:nb3720:-:*:*:*:*:*:*:* cpe:2.3:o:netmodule:nb800_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netmodule:nb1601:-:*:*:*:*:*:*:* cpe:2.3:o:netmodule:nb2700_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netmodule:nb1600_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netmodule:nb2810_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netmodule:nb3701_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netmodule:nb3720_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netmodule:nb1800:-:*:*:*:*:*:*:* cpe:2.3:o:netmodule:nb3710_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netmodule:nb2700:-:*:*:*:*:*:*:* cpe:2.3:o:netmodule:nb2710_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netmodule:nb3700_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netmodule:nb1810:-:*:*:*:*:*:*:* cpe:2.3:h:netmodule:nb3711:-:*:*:*:*:*:*:* cpe:2.3:h:netmodule:nb1600:-:*:*:*:*:*:*:* cpe:2.3:o:netmodule:nb3711_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netmodule:nb2800:-:*:*:*:*:*:*:* cpe:2.3:o:netmodule:nb2800_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netmodule:nb3701:-:*:*:*:*:*:*:* cpe:2.3:o:netmodule:nb1810_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netmodule:nb1800_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netmodule:nb3800_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netmodule:nb3700:-:*:*:*:*:*:*:* cpe:2.3:h:netmodule:nb3710:-:*:*:*:*:*:*:* cpe:2.3:h:netmodule:nb3800:-:*:*:*:*:*:*:* |
|
CWE | CWE-384 |
23 Aug 2021, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-23 05:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-39290
Mitre link : CVE-2021-39290
CVE.ORG link : CVE-2021-39290
JSON object : View
Products Affected
netmodule
- nb1800
- nb3710
- nb1601
- nb1810
- nb3700
- nb3711
- nb1600
- nb3800
- netmodule_router_software
- nb2810
- nb3720
- nb800
- nb2710
- nb2700
- nb3701
- nb2800
CWE
CWE-384
Session Fixation