CVE-2021-20121 - The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticate

CVE-2021-20121

Summary

The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary files from the device by preparing and connecting a specially prepared USB drive to the device, and making a series of crafted requests to the device's web interface.

References

https://www.tenable.com/security/research/tra-2021-41

Vulnerable Configurations

cpe:2.3:o:telus:prv65b444a-s-ts_firmware:3.00.20:*:*:*:*:*:*:*
cpe:2.3:o:telus:prv65b444a-s-ts_firmware:3.00.20:*:*:*:*:*:*:*
cpe:2.3:h:telus:prv65b444a-s-ts:-:*:*:*:*:*:*:*
cpe:2.3:h:telus:prv65b444a-s-ts:-:*:*:*:*:*:*:*

CVSS

Base:	1.9 (as of 18-10-2021 - 18:44)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:M/Au:N/C:P/I:N/A:N

Last major update

18-10-2021 - 18:44

Published

11-10-2021 - 17:15

Last modified

18-10-2021 - 18:44