CVE-2021-20843
Published on: 11/24/2021 12:00:00 AM UTC
Last Modified on: 11/30/2021 07:11:00 AM UTC
Certain versions of Biz Box Nvr510 from Ntt-west contain the following vulnerability:
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.
- CVE-2021-20843 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software:
Yamaha Corporation - RTX830, NVR510, NVR700W, RTX1210 version RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier
CVSS3 Score: 5.4 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | LOW | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
CHANGED | LOW | LOW | NONE |
CVSS2 Score: 3.5 - LOW
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | SINGLE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
【NTT西日本】Biz Boxルータをご利用のお客さまへ - 法人・企業向けICTサービス | www.ntt-west.co.jp text/html |
![]() |
ヤマハルータをご利用のお客さまへ|お知らせ|法人のお客さま| NTT東日本 | business.ntt-east.co.jp text/html |
![]() |
FAQ for YAMAHA RT Series / Security | www.rtpro.yamaha.co.jp text/html |
![]() |
JVNVU#91161784: Multiple vulnerabilities in multiple Yamaha routers | jvn.jp text/xml |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Hardware | Ntt-west | Biz Box Nvr510 | - | All | All | All |
Operating System | Ntt-west | Biz Box Nvr510 Firmware | All | All | All | All |
Hardware | Ntt-west | Biz Box Nvr700w | - | All | All | All |
Operating System | Ntt-west | Biz Box Nvr700w Firmware | All | All | All | All |
Hardware | Ntt-west | Biz Box Rtx1210 | - | All | All | All |
Operating System | Ntt-west | Biz Box Rtx1210 Firmware | All | All | All | All |
Hardware | Ntt-west | Biz Box Rtx830 | - | All | All | All |
Operating System | Ntt-west | Biz Box Rtx830 Firmware | All | All | All | All |
Hardware | Yamaha | Nvr510 | - | All | All | All |
Operating System | Yamaha | Nvr510 Firmware | All | All | All | All |
Hardware | Yamaha | Nvr700w | - | All | All | All |
Operating System | Yamaha | Nvr700w Firmware | All | All | All | All |
Hardware | Yamaha | Rtx1210 | - | All | All | All |
Operating System | Yamaha | Rtx1210 Firmware | All | All | All | All |
Hardware | Yamaha | Rtx830 | - | All | All | All |
Operating System | Yamaha | Rtx830 Firmware | All | All | All | All |
- cpe:2.3:h:ntt-west:biz_box_nvr510:-:*:*:*:*:*:*:*:
- cpe:2.3:o:ntt-west:biz_box_nvr510_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:ntt-west:biz_box_nvr700w:-:*:*:*:*:*:*:*:
- cpe:2.3:o:ntt-west:biz_box_nvr700w_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:ntt-west:biz_box_rtx1210:-:*:*:*:*:*:*:*:
- cpe:2.3:o:ntt-west:biz_box_rtx1210_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:ntt-west:biz_box_rtx830:-:*:*:*:*:*:*:*:
- cpe:2.3:o:ntt-west:biz_box_rtx830_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:yamaha:nvr510:-:*:*:*:*:*:*:*:
- cpe:2.3:o:yamaha:nvr510_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:yamaha:nvr700w:-:*:*:*:*:*:*:*:
- cpe:2.3:o:yamaha:nvr700w_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:yamaha:rtx1210:-:*:*:*:*:*:*:*:
- cpe:2.3:o:yamaha:rtx1210_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:yamaha:rtx830:-:*:*:*:*:*:*:*:
- cpe:2.3:o:yamaha:rtx830_firmware:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
>脆弱性情報のポータルサイトであるJVNによれば、「RTX1210」「RTX830」「NVR700W」「NVR510」に「クロスサイトスクリプトインクルージョン(XSSI)」の脆弱性「CVE-2021-20843」や、「HTTPレ… twitter.com/i/web/status/1… | 2021-11-09 17:35:25 |
![]() |
CVE-2021-20843 : Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR51… twitter.com/i/web/status/1… | 2021-11-24 10:43:55 |