CVE-2021-20847
Published on: 11/30/2021 12:00:00 AM UTC
Last Modified on: 12/02/2021 06:37:00 PM UTC
Certain versions of Wi-fi Station Sh-52a from Nttdocomo contain the following vulnerability:
Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device.
- CVE-2021-20847 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software:
NTT DOCOMO, INC. - Wi-Fi STATION SH-52A version 38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C
CVSS3 Score: 6.1 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
CHANGED | LOW | LOW | NONE |
CVSS2 Score: 4.3 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Wi-Fi STATION SH-52Aのソフトウェアアップデート | お客様サポート | NTTドコモ | www.nttdocomo.co.jp text/html |
![]() |
JVN#19482703: Wi-Fi STATION SH-52A vulnerable to cross-site scripting | jvn.jp text/xml |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Hardware
| Nttdocomo | Wi-fi Station Sh-52a | - | All | All | All |
Operating System | Nttdocomo | Wi-fi Station Sh-52a Firmware | 38jp_1_11g | All | All | All |
Operating System | Nttdocomo | Wi-fi Station Sh-52a Firmware | 38jp_1_11j | All | All | All |
Operating System | Nttdocomo | Wi-fi Station Sh-52a Firmware | 38jp_1_11k | All | All | All |
Operating System | Nttdocomo | Wi-fi Station Sh-52a Firmware | 38jp_1_11l | All | All | All |
Operating System | Nttdocomo | Wi-fi Station Sh-52a Firmware | 38jp_1_26f | All | All | All |
Operating System | Nttdocomo | Wi-fi Station Sh-52a Firmware | 38jp_1_26g | All | All | All |
Operating System | Nttdocomo | Wi-fi Station Sh-52a Firmware | 38jp_1_26j | All | All | All |
Operating System | Nttdocomo | Wi-fi Station Sh-52a Firmware | 38jp_2_03b | All | All | All |
Operating System | Nttdocomo | Wi-fi Station Sh-52a Firmware | 38jp_2_03c | All | All | All |
- cpe:2.3:h:nttdocomo:wi-fi_station_sh-52a:-:*:*:*:*:*:*:*:
- cpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_11g:*:*:*:*:*:*:*:
- cpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_11j:*:*:*:*:*:*:*:
- cpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_11k:*:*:*:*:*:*:*:
- cpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_11l:*:*:*:*:*:*:*:
- cpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_26f:*:*:*:*:*:*:*:
- cpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_26g:*:*:*:*:*:*:*:
- cpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_26j:*:*:*:*:*:*:*:
- cpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_2_03b:*:*:*:*:*:*:*:
- cpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_2_03c:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2021-20847 : Cross-site scripting vulnerability in Wi-Fi STATION SH-52A 38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38… twitter.com/i/web/status/1… | 2021-12-01 02:23:36 |