CVE-2021-39243
Summary
| CVE | CVE-2021-39243 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-08-23 05:15:00 UTC |
| Updated | 2021-08-26 18:37:00 UTC |
| Description | Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via any CGI endpoint. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0. |
Risk And Classification
Problem Types: CWE-352
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Altus | Hadron Xtorm Hx3040 | - | All | All | All |
| Operating System | Altus | Hadron Xtorm Hx3040 Firmware | 1.7.58.0 | All | All | All |
| Hardware | Altus | Nexto Nx3003 | - | All | All | All |
| Operating System | Altus | Nexto Nx3003 Firmware | 1.8.11.0 | All | All | All |
| Hardware | Altus | Nexto Nx3004 | - | All | All | All |
| Operating System | Altus | Nexto Nx3004 Firmware | 1.8.11.0 | All | All | All |
| Hardware | Altus | Nexto Nx3005 | - | All | All | All |
| Operating System | Altus | Nexto Nx3005 Firmware | 1.8.11.0 | All | All | All |
| Hardware | Altus | Nexto Nx3010 | - | All | All | All |
| Operating System | Altus | Nexto Nx3010 Firmware | 1.8.3.0 | All | All | All |
| Hardware | Altus | Nexto Nx3020 | - | All | All | All |
| Operating System | Altus | Nexto Nx3020 Firmware | 1.8.3.0 | All | All | All |
| Hardware | Altus | Nexto Nx3030 | - | All | All | All |
| Operating System | Altus | Nexto Nx3030 Firmware | 1.8.3.0 | All | All | All |
| Hardware | Altus | Nexto Nx5100 | - | All | All | All |
| Operating System | Altus | Nexto Nx5100 Firmware | 1.8.11.0 | All | All | All |
| Hardware | Altus | Nexto Nx5101 | - | All | All | All |
| Operating System | Altus | Nexto Nx5101 Firmware | 1.8.11.0 | All | All | All |
| Hardware | Altus | Nexto Nx5110 | - | All | All | All |
| Operating System | Altus | Nexto Nx5110 Firmware | 1.1.2.8 | All | All | All |
| Hardware | Altus | Nexto Nx5210 | - | All | All | All |
| Operating System | Altus | Nexto Nx5210 Firmware | 1.1.2.8 | All | All | All |
| Hardware | Altus | Nexto Xpress Xp300 | - | All | All | All |
| Operating System | Altus | Nexto Xpress Xp300 Firmware | 1.8.11.0 | All | All | All |
| Hardware | Altus | Nexto Xpress Xp315 | - | All | All | All |
| Operating System | Altus | Nexto Xpress Xp315 Firmware | 1.8.11.0 | All | All | All |
| Hardware | Altus | Nexto Xpress Xp325 | - | All | All | All |
| Operating System | Altus | Nexto Xpress Xp325 Firmware | 1.8.11.0 | All | All | All |
| Hardware | Altus | Nexto Xpress Xp340 | - | All | All | All |
| Operating System | Altus | Nexto Xpress Xp340 Firmware | 1.8.11.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Full Disclosure: SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series | MISC | seclists.org | |
| Altus Sistemas de Automação | Altus | MISC | www.altus.com.br | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.