CVE-2021-41870

{"id": "CVE-2021-41870", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-12-15T06:15:06.803", "references": [{"url": "https://f20.be/cves/socomec", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.socomec.com/remote-view-software_en.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://f20.be/cves/socomec", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.socomec.com/remote-view-software_en.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An authenticated attacker can bypass a client-side file-type check and upload arbitrary .php files."}, {"lang": "es", "value": "Se ha detectado un problema en el formulario de actualizaci\u00f3n del firmware en Socomec REMOTE VIEW PRO versi\u00f3n 2.0.41.4. Un atacante autenticado puede omitir una comprobaci\u00f3n de tipo de archivo del lado del cliente y cargar archivos .php arbitrarios"}], "lastModified": "2024-11-21T06:26:55.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:socomec:remote_view_pro_firmware:2.0.41.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0BD5EE9-8A83-4FF5-9130-75F1000E9E62"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:socomec:remote_view_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "752C209C-C3B2-4265-968D-BF1CB999BFD1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}