CVE-2021-20844
Published on: 11/24/2021 12:00:00 AM UTC
Last Modified on: 11/30/2021 07:12:00 AM UTC
Certain versions of Biz Box Nvr510 from Ntt-west contain the following vulnerability:
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.
- CVE-2021-20844 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software: Yamaha Corporation - RTX830, NVR510, NVR700W, RTX1210 version RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier
CVSS3 Score: 5.7 - MEDIUM
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | LOW | REQUIRED |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | HIGH | NONE | NONE |
CVSS2 Score: 3.5 - LOW
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | MEDIUM | SINGLE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
PARTIAL | NONE | NONE |
CVE References
Description | Tags | Link |
---|---|---|
[NTT West] To customers using Biz Box routers - ICT services for corporations and enterprises | | www.ntt-west.co.jp text/html |
To customers using Yamaha routers - Notices - Corporate customers - NTT East | | business.ntt-east.co.jp text/html |
FAQ for YAMAHA RT Series / Security | | www.rtpro.yamaha.co.jp text/html |
JVNVU#91161784: Multiple vulnerabilities in multiple Yamaha routers | | jvn.jp text/xml |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Hardware | Ntt-west | Biz Box Nvr510 | - | All | All | All |
Operating System | Ntt-west | Biz Box Nvr510 Firmware | All | All | All | All |
Hardware | Ntt-west | Biz Box Nvr700w | - | All | All | All |
Operating System | Ntt-west | Biz Box Nvr700w Firmware | All | All | All | All |
Hardware | Ntt-west | Biz Box Rtx1210 | - | All | All | All |
Operating System | Ntt-west | Biz Box Rtx1210 Firmware | All | All | All | All |
Hardware | Ntt-west | Biz Box Rtx830 | - | All | All | All |
Operating System | Ntt-west | Biz Box Rtx830 Firmware | All | All | All | All |
Hardware | Yamaha | Nvr510 | - | All | All | All |
Operating System | Yamaha | Nvr510 Firmware | All | All | All | All |
Hardware | Yamaha | Nvr700w | - | All | All | All |
Operating System | Yamaha | Nvr700w Firmware | All | All | All | All |
Hardware | Yamaha | Rtx1210 | - | All | All | All |
Operating System | Yamaha | Rtx1210 Firmware | All | All | All | All |
Hardware | Yamaha | Rtx830 | - | All | All | All |
Operating System | Yamaha | Rtx830 Firmware | All | All | All | All |
- cpe:2.3:h:ntt-west:biz_box_nvr510:-:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:biz_box_nvr510_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:ntt-west:biz_box_nvr700w:-:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:biz_box_nvr700w_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:ntt-west:biz_box_rtx1210:-:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:biz_box_rtx1210_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:ntt-west:biz_box_rtx830:-:*:*:*:*:*:*:*
- cpe:2.3:o:ntt-west:biz_box_rtx830_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:yamaha:nvr510:-:*:*:*:*:*:*:*
- cpe:2.3:o:yamaha:nvr510_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:yamaha:nvr700w:-:*:*:*:*:*:*:*
- cpe:2.3:o:yamaha:nvr700w_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:yamaha:rtx1210:-:*:*:*:*:*:*:*
- cpe:2.3:o:yamaha:rtx1210_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:yamaha:rtx830:-:*:*:*:*:*:*:*
- cpe:2.3:o:yamaha:rtx830_firmware:*:*:*:*:*:*:*:*
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
 | CVE-2021-20844 : Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI… twitter.com/i/web/status/1… | 2021-11-24 10:44:22 |