Vulnerabilites related to logitech - lan-w300n\/rs
Vulnerability from fkie_nvd
Published
2012-06-04 17:55
Modified
2024-11-21 01:36
Severity ?
Summary
Logitec LAN-W300N/R routers with firmware before 2.27 do not properly restrict login access, which allows remote attackers to obtain administrative privileges and modify settings via vectors related to PPPoE authentication.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN85934986/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2012-000051 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://secunia.com/advisories/49289 | Broken Link | |
| vultures@jpcert.or.jp | http://www.logitec.co.jp/info/2012/0516.html | Vendor Advisory | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/53685 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN85934986/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2012-000051 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49289 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.logitec.co.jp/info/2012/0516.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/53685 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| logitech | lan-w300n\/ru2_firmware | * | |
| logitech | lan-w300n\/r | - | |
| logitech | lan-w300n\/rs | - | |
| logitech | lan-w300n\/ru2 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:logitech:lan-w300n\\/ru2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "11484C7F-7C03-4F46-A8B5-93D806004F96", versionEndExcluding: "2.27", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:logitech:lan-w300n\\/r:-:*:*:*:*:*:*:*", matchCriteriaId: "6F66BA70-88E7-4567-B283-FE4F8B5098CA", vulnerable: false, }, { criteria: "cpe:2.3:h:logitech:lan-w300n\\/rs:-:*:*:*:*:*:*:*", matchCriteriaId: "9D0B570C-E90F-4AE1-80F5-1083DB612F1D", vulnerable: false, }, { criteria: "cpe:2.3:h:logitech:lan-w300n\\/ru2:-:*:*:*:*:*:*:*", matchCriteriaId: "4B47A723-415E-4D41-BDFA-E2640BC69D09", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Logitec LAN-W300N/R routers with firmware before 2.27 do not properly restrict login access, which allows remote attackers to obtain administrative privileges and modify settings via vectors related to PPPoE authentication.", }, { lang: "es", value: "Los routers Logitec LAN-W300N/R con firmware anterior a v2.27, no restringen el acceso al login, lo que permite a atacantes remotos obtener privilegios administrativos y modificar la configuración a través de vectores relacionados con la autenticación PPPoE.", }, ], id: "CVE-2012-1250", lastModified: "2024-11-21T01:36:44.627", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-06-04T17:55:01.510", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "http://jvn.jp/en/jp/JVN85934986/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000051", }, { source: "vultures@jpcert.or.jp", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/49289", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://www.logitec.co.jp/info/2012/0516.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/53685", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://jvn.jp/en/jp/JVN85934986/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000051", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/49289", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.logitec.co.jp/info/2012/0516.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/53685", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-12 07:15
Modified
2024-11-21 05:46
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN96783542/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.elecom.co.jp/news/security/20210126-01/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN96783542/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.elecom.co.jp/news/security/20210126-01/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| logitech | lan-w300n\/rs_firmware | - | |
| logitech | lan-w300n\/rs | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:logitech:lan-w300n\\/rs_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "58C9E26A-BDBC-44AD-AC82-A75B6D01868A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:logitech:lan-w300n\\/rs:-:*:*:*:*:*:*:*", matchCriteriaId: "9D0B570C-E90F-4AE1-80F5-1083DB612F1D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.", }, { lang: "es", value: "Una vulnerabilidad de tipo cross-site request forgery (CSRF) en LOGITEC LAN-W300N/RS, permite a atacantes remotos secuestrar la autenticación de los administradores por medio de una URL especialmente diseñada. Como resultado, se pueden realizar operaciones no deseadas en el dispositivo, como cambios en la configuración del dispositivo", }, ], id: "CVE-2021-20641", lastModified: "2024-11-21T05:46:55.733", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-12T07:15:14.873", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN96783542/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://www.elecom.co.jp/news/security/20210126-01/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN96783542/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.elecom.co.jp/news/security/20210126-01/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-12 07:15
Modified
2024-11-21 05:46
Severity ?
Summary
Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN96783542/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.elecom.co.jp/news/security/20210126-01/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN96783542/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.elecom.co.jp/news/security/20210126-01/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| logitech | lan-w300n\/rs_firmware | - | |
| logitech | lan-w300n\/rs | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:logitech:lan-w300n\\/rs_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "58C9E26A-BDBC-44AD-AC82-A75B6D01868A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:logitech:lan-w300n\\/rs:-:*:*:*:*:*:*:*", matchCriteriaId: "9D0B570C-E90F-4AE1-80F5-1083DB612F1D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.", }, { lang: "es", value: "Una comprobación inapropiada o el manejo de condiciones excepcionales en LOGITEC LAN-W300N/RS, permite a un atacante remoto causar una condición de denegación de servicio (DoS) al enviar una URL especialmente diseñada", }, ], id: "CVE-2021-20642", lastModified: "2024-11-21T05:46:55.840", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-12T07:15:14.937", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN96783542/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "https://www.elecom.co.jp/news/security/20210126-01/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN96783542/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.elecom.co.jp/news/security/20210126-01/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2021-20641
Vulnerability from cvelistv5
Published
2021-02-12 06:15
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.elecom.co.jp/news/security/20210126-01/ | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN96783542/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LOGITEC CORPORATION | LAN-W300N/RS |
Version: LAN-W300N/RS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:45:44.987Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.elecom.co.jp/news/security/20210126-01/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN96783542/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "LAN-W300N/RS", vendor: "LOGITEC CORPORATION", versions: [ { status: "affected", version: "LAN-W300N/RS", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site request forgery", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-12T06:15:45", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.elecom.co.jp/news/security/20210126-01/", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN96783542/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20641", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "LAN-W300N/RS", version: { version_data: [ { version_value: "LAN-W300N/RS", }, ], }, }, ], }, vendor_name: "LOGITEC CORPORATION", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site request forgery", }, ], }, ], }, references: { reference_data: [ { name: "https://www.elecom.co.jp/news/security/20210126-01/", refsource: "MISC", url: "https://www.elecom.co.jp/news/security/20210126-01/", }, { name: "https://jvn.jp/en/jp/JVN96783542/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN96783542/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20641", datePublished: "2021-02-12T06:15:45", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:45:44.987Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20642
Vulnerability from cvelistv5
Published
2021-02-12 06:15
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.elecom.co.jp/news/security/20210126-01/ | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN96783542/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LOGITEC CORPORATION | LAN-W300N/RS |
Version: LAN-W300N/RS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:45:45.349Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.elecom.co.jp/news/security/20210126-01/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN96783542/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "LAN-W300N/RS", vendor: "LOGITEC CORPORATION", versions: [ { status: "affected", version: "LAN-W300N/RS", }, ], }, ], descriptions: [ { lang: "en", value: "Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.", }, ], problemTypes: [ { descriptions: [ { description: "Improper check or handling of exceptional conditions", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-12T06:15:45", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.elecom.co.jp/news/security/20210126-01/", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN96783542/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20642", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "LAN-W300N/RS", version: { version_data: [ { version_value: "LAN-W300N/RS", }, ], }, }, ], }, vendor_name: "LOGITEC CORPORATION", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper check or handling of exceptional conditions", }, ], }, ], }, references: { reference_data: [ { name: "https://www.elecom.co.jp/news/security/20210126-01/", refsource: "MISC", url: "https://www.elecom.co.jp/news/security/20210126-01/", }, { name: "https://jvn.jp/en/jp/JVN96783542/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN96783542/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20642", datePublished: "2021-02-12T06:15:45", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:45:45.349Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-1250
Vulnerability from cvelistv5
Published
2012-06-04 17:00
Modified
2024-08-06 18:53
Severity ?
EPSS score ?
Summary
Logitec LAN-W300N/R routers with firmware before 2.27 do not properly restrict login access, which allows remote attackers to obtain administrative privileges and modify settings via vectors related to PPPoE authentication.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/49289 | third-party-advisory, x_refsource_SECUNIA | |
| http://jvn.jp/en/jp/JVN85934986/index.html | third-party-advisory, x_refsource_JVN | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2012-000051 | third-party-advisory, x_refsource_JVNDB | |
| http://www.securityfocus.com/bid/53685 | vdb-entry, x_refsource_BID | |
| http://www.logitec.co.jp/info/2012/0516.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T18:53:36.536Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "49289", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/49289", }, { name: "JVN#85934986", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN85934986/index.html", }, { name: "JVNDB-2012-000051", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000051", }, { name: "53685", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/53685", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.logitec.co.jp/info/2012/0516.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-05-25T00:00:00", descriptions: [ { lang: "en", value: "Logitec LAN-W300N/R routers with firmware before 2.27 do not properly restrict login access, which allows remote attackers to obtain administrative privileges and modify settings via vectors related to PPPoE authentication.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-11-27T10:00:00", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "49289", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/49289", }, { name: "JVN#85934986", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN85934986/index.html", }, { name: "JVNDB-2012-000051", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000051", }, { name: "53685", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/53685", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.logitec.co.jp/info/2012/0516.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2012-1250", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Logitec LAN-W300N/R routers with firmware before 2.27 do not properly restrict login access, which allows remote attackers to obtain administrative privileges and modify settings via vectors related to PPPoE authentication.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "49289", refsource: "SECUNIA", url: "http://secunia.com/advisories/49289", }, { name: "JVN#85934986", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN85934986/index.html", }, { name: "JVNDB-2012-000051", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000051", }, { name: "53685", refsource: "BID", url: "http://www.securityfocus.com/bid/53685", }, { name: "http://www.logitec.co.jp/info/2012/0516.html", refsource: "CONFIRM", url: "http://www.logitec.co.jp/info/2012/0516.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2012-1250", datePublished: "2012-06-04T17:00:00", dateReserved: "2012-02-21T00:00:00", dateUpdated: "2024-08-06T18:53:36.536Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
var-202102-0482
Vulnerability from variot
Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted. The following multiple vulnerabilities exist in multiple products provided by Logitec Co., Ltd. -Inappropriate restriction of excessive authentication attempts (CWE-307) - CVE-2021-20635 ・ Cross-site request forgery (CWE-352) - CVE-2021-20636, CVE-2021-20641 • Improper checking or handling for exceptional situations (CWE-703) - CVE-2021-20637, CVE-2021-20642 ・ OS Command injection (CWE-78) - CVE-2021-20638 ・ OS Command injection (CWE-78) - CVE-2021-20639 ・ Buffer overflow (CWE-119) - CVE-2021-20640 CVE-2021-20635 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Kanagawa Institute of Technology Minegishi Takaaki Mr. Okamoto Tsuyoshi Mr CVE-2021-20636, CVE-2021-20637, CVE-2021-20642 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : LAC Co., Ltd. Shuto Kono Mr CVE-2021-20638, CVE-2021-20639, CVE-2021-20640 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tsukamoto Taizo Mr CVE-2021-20641 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : LAC Co., Ltd. Shuto Kono Mr. Techmatrix Corporation Atsuo Sakurai MrThe expected impact depends on each vulnerability, but it may be affected as follows. ・ Wireless of the corresponding device LAN By a third party within reach PIN Is decrypted and the network provided by the device is accessed. - CVE-2021-20635 ・ Of the product Web The user logged in to the admin page has been crafted URL You can unintentionally change the settings of the product by accessing - CVE-2021-20636, CVE-2021-20641 ・ Of the product Web The user logged in to the admin page has been crafted URL Interfering with service operations by accessing (DoS) Be attacked - CVE-2021-20637, CVE-2021-20642 ・ Of the product Web Arbitrary by an attacker with access to the admin page OS Command is executed - CVE-2021-20638, CVE-2021-20639, CVE-2021-20640. Logitec LAN-W300N/RS is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to change device settings. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0482", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "lan-w300n\\/rs", scope: "eq", trust: 1, vendor: "logitech", version: null, }, { model: "lan-w300n/pgrb", scope: "eq", trust: 0.8, vendor: "logitec", version: "(cve-2021-20638, cve-2021-20639, cve-2021-20640)", }, { model: "lan-w300n/pr5b", scope: "eq", trust: 0.8, vendor: "logitec", version: "(cve-2021-20636, cve-2021-20637)", }, { model: "lan-w300n/rs", scope: "eq", trust: 0.8, vendor: "logitec", version: "(cve-2021-20641, cve-2021-20642)", }, { model: "lan-wh450n/gr", scope: "eq", trust: 0.8, vendor: "logitec", version: "(cve-2021-20635)", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "NVD", id: "CVE-2021-20641", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/h:logitec:lan-w300n%2fpgrb", vulnerable: true, }, { cpe22Uri: "cpe:/h:logitec:lan-w300n%2fpr5b", vulnerable: true, }, { cpe22Uri: "cpe:/h:logitec:lan-w300n%2frs", vulnerable: true, }, { cpe22Uri: "cpe:/h:logitec:lan-wh450n%2fgr", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-000010", }, ], }, cve: "CVE-2021-20641", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "IPA", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2021-000010", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 2.4, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CVE-2021-20641", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "IPA", availabilityImpact: "None", baseScore: 3.3, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2021-000010", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "High", accessVector: "Network", authentication: "None", author: "IPA", availabilityImpact: "None", baseScore: 4, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2021-000010", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "High", accessVector: "Network", authentication: "None", author: "IPA", availabilityImpact: "Partial", baseScore: 2.6, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2021-000010", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "Low", attackVector: "Adjacent Network", author: "IPA", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2021-000010", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 2.4, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, id: "CVE-2021-20641", impactScore: 3.6, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "IPA", availabilityImpact: "None", baseScore: 4.3, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "JVNDB-2021-000010", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "IPA", availabilityImpact: "None", baseScore: 4.3, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2021-000010", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "IPA", availabilityImpact: "Low", baseScore: 4.3, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2021-000010", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, ], severity: [ { author: "IPA", id: "JVNDB-2021-000010", trust: 4.8, value: "Medium", }, { author: "nvd@nist.gov", id: "CVE-2021-20641", trust: 1, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202101-2380", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "CNNVD", id: "CNNVD-202101-2380", }, { db: "NVD", id: "CVE-2021-20641", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted. The following multiple vulnerabilities exist in multiple products provided by Logitec Co., Ltd. -Inappropriate restriction of excessive authentication attempts (CWE-307) - CVE-2021-20635 ・ Cross-site request forgery (CWE-352) - CVE-2021-20636, CVE-2021-20641 • Improper checking or handling for exceptional situations (CWE-703) - CVE-2021-20637, CVE-2021-20642 ・ OS Command injection (CWE-78) - CVE-2021-20638 ・ OS Command injection (CWE-78) - CVE-2021-20639 ・ Buffer overflow (CWE-119) - CVE-2021-20640 CVE-2021-20635 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Kanagawa Institute of Technology Minegishi Takaaki Mr. Okamoto Tsuyoshi Mr CVE-2021-20636, CVE-2021-20637, CVE-2021-20642 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : LAC Co., Ltd. Shuto Kono Mr CVE-2021-20638, CVE-2021-20639, CVE-2021-20640 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tsukamoto Taizo Mr CVE-2021-20641 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : LAC Co., Ltd. Shuto Kono Mr. Techmatrix Corporation Atsuo Sakurai MrThe expected impact depends on each vulnerability, but it may be affected as follows. ・ Wireless of the corresponding device LAN By a third party within reach PIN Is decrypted and the network provided by the device is accessed. - CVE-2021-20635 ・ Of the product Web The user logged in to the admin page has been crafted URL You can unintentionally change the settings of the product by accessing - CVE-2021-20636, CVE-2021-20641 ・ Of the product Web The user logged in to the admin page has been crafted URL Interfering with service operations by accessing (DoS) Be attacked - CVE-2021-20637, CVE-2021-20642 ・ Of the product Web Arbitrary by an attacker with access to the admin page OS Command is executed - CVE-2021-20638, CVE-2021-20639, CVE-2021-20640. Logitec LAN-W300N/RS is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to change device settings. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities", sources: [ { db: "NVD", id: "CVE-2021-20641", }, { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "VULMON", id: "CVE-2021-20641", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-20641", trust: 2.5, }, { db: "JVN", id: "JVN96783542", trust: 2.4, }, { db: "JVNDB", id: "JVNDB-2021-000010", trust: 1.4, }, { db: "CNNVD", id: "CNNVD-202101-2380", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-20641", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-20641", }, { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "CNNVD", id: "CNNVD-202101-2380", }, { db: "NVD", id: "CVE-2021-20641", }, ], }, id: "VAR-202102-0482", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.47569445, }, last_update_date: "2024-11-23T21:58:49.019000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "無線LANルーターなどネットワーク製品の一部における脆弱性に関して", trust: 0.8, url: "https://www.elecom.co.jp/news/security/20210126-01/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-000010", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-352", trust: 1.8, }, { problemtype: "CWE-78", trust: 0.8, }, { problemtype: "CWE-Other", trust: 0.8, }, { problemtype: "CWE-119", trust: 0.8, }, { problemtype: "CWE-287", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "NVD", id: "CVE-2021-20641", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://jvn.jp/en/jp/jvn96783542/index.html", }, { trust: 1.6, url: "https://www.elecom.co.jp/news/security/20210126-01/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20641", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20642", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20635", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20636", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20637", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20638", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20639", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20640", }, { trust: 0.8, url: "https://jvn.jp/jp/jvn96783542/index.html", }, { trust: 0.6, url: "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000010.html", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2021-20641", }, { trust: 0.1, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/195621", }, ], sources: [ { db: "VULMON", id: "CVE-2021-20641", }, { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "CNNVD", id: "CNNVD-202101-2380", }, { db: "NVD", id: "CVE-2021-20641", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-20641", }, { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "CNNVD", id: "CNNVD-202101-2380", }, { db: "NVD", id: "CVE-2021-20641", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-12T00:00:00", db: "VULMON", id: "CVE-2021-20641", }, { date: "2021-01-26T03:17:11", db: "JVNDB", id: "JVNDB-2021-000010", }, { date: "2021-01-26T00:00:00", db: "CNNVD", id: "CNNVD-202101-2380", }, { date: "2021-02-12T07:15:14.873000", db: "NVD", id: "CVE-2021-20641", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-18T00:00:00", db: "VULMON", id: "CVE-2021-20641", }, { date: "2021-01-26T03:17:11", db: "JVNDB", id: "JVNDB-2021-000010", }, { date: "2021-02-19T00:00:00", db: "CNNVD", id: "CNNVD-202101-2380", }, { date: "2024-11-21T05:46:55.733000", db: "NVD", id: "CVE-2021-20641", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202101-2380", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Multiple vulnerabilities in multiple Logitec products", sources: [ { db: "JVNDB", id: "JVNDB-2021-000010", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "cross-site request forgery", sources: [ { db: "CNNVD", id: "CNNVD-202101-2380", }, ], trust: 0.6, }, }
var-202102-0483
Vulnerability from variot
Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL. The following multiple vulnerabilities exist in multiple products provided by Logitec Co., Ltd. -Inappropriate restriction of excessive authentication attempts (CWE-307) - CVE-2021-20635 ・ Cross-site request forgery (CWE-352) - CVE-2021-20636, CVE-2021-20641 • Improper checking or handling for exceptional situations (CWE-703) - CVE-2021-20637, CVE-2021-20642 ・ OS Command injection (CWE-78) - CVE-2021-20638 ・ OS Command injection (CWE-78) - CVE-2021-20639 ・ Buffer overflow (CWE-119) - CVE-2021-20640 CVE-2021-20635 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Kanagawa Institute of Technology Minegishi Takaaki Mr. Okamoto Tsuyoshi Mr CVE-2021-20636, CVE-2021-20637, CVE-2021-20642 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : LAC Co., Ltd. Shuto Kono Mr CVE-2021-20638, CVE-2021-20639, CVE-2021-20640 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tsukamoto Taizo Mr CVE-2021-20641 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : LAC Co., Ltd. Shuto Kono Mr. Techmatrix Corporation Atsuo Sakurai MrThe expected impact depends on each vulnerability, but it may be affected as follows. ・ Wireless of the corresponding device LAN By a third party within reach PIN Is decrypted and the network provided by the device is accessed. - CVE-2021-20635 ・ Of the product Web The user logged in to the admin page has been crafted URL You can unintentionally change the settings of the product by accessing - CVE-2021-20636, CVE-2021-20641 ・ Of the product Web The user logged in to the admin page has been crafted URL Interfering with service operations by accessing (DoS) Be attacked - CVE-2021-20637, CVE-2021-20642 ・ Of the product Web Arbitrary by an attacker with access to the admin page OS Command is executed - CVE-2021-20638, CVE-2021-20639, CVE-2021-20640. A remote attacker could exploit this vulnerability to cause the device to crash
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0483", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "lan-w300n\\/rs", scope: "eq", trust: 1, vendor: "logitech", version: null, }, { model: "lan-w300n/pgrb", scope: "eq", trust: 0.8, vendor: "logitec", version: "(cve-2021-20638, cve-2021-20639, cve-2021-20640)", }, { model: "lan-w300n/pr5b", scope: "eq", trust: 0.8, vendor: "logitec", version: "(cve-2021-20636, cve-2021-20637)", }, { model: "lan-w300n/rs", scope: "eq", trust: 0.8, vendor: "logitec", version: "(cve-2021-20641, cve-2021-20642)", }, { model: "lan-wh450n/gr", scope: "eq", trust: 0.8, vendor: "logitec", version: "(cve-2021-20635)", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "NVD", id: "CVE-2021-20642", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/h:logitec:lan-w300n%2fpgrb", vulnerable: true, }, { cpe22Uri: "cpe:/h:logitec:lan-w300n%2fpr5b", vulnerable: true, }, { cpe22Uri: "cpe:/h:logitec:lan-w300n%2frs", vulnerable: true, }, { cpe22Uri: "cpe:/h:logitec:lan-wh450n%2fgr", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-000010", }, ], }, cve: "CVE-2021-20642", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "IPA", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2021-000010", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 2.4, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CVE-2021-20642", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1, vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "IPA", availabilityImpact: "None", baseScore: 3.3, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2021-000010", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "High", accessVector: "Network", authentication: "None", author: "IPA", availabilityImpact: "None", baseScore: 4, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2021-000010", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "High", accessVector: "Network", authentication: "None", author: "IPA", availabilityImpact: "Partial", baseScore: 2.6, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2021-000010", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "Low", attackVector: "Adjacent Network", author: "IPA", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2021-000010", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 2.4, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, id: "CVE-2021-20642", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "IPA", availabilityImpact: "None", baseScore: 4.3, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "JVNDB-2021-000010", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "IPA", availabilityImpact: "None", baseScore: 4.3, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2021-000010", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "IPA", availabilityImpact: "Low", baseScore: 4.3, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2021-000010", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, ], severity: [ { author: "IPA", id: "JVNDB-2021-000010", trust: 4.8, value: "Medium", }, { author: "nvd@nist.gov", id: "CVE-2021-20642", trust: 1, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202101-2377", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "CNNVD", id: "CNNVD-202101-2377", }, { db: "NVD", id: "CVE-2021-20642", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL. The following multiple vulnerabilities exist in multiple products provided by Logitec Co., Ltd. -Inappropriate restriction of excessive authentication attempts (CWE-307) - CVE-2021-20635 ・ Cross-site request forgery (CWE-352) - CVE-2021-20636, CVE-2021-20641 • Improper checking or handling for exceptional situations (CWE-703) - CVE-2021-20637, CVE-2021-20642 ・ OS Command injection (CWE-78) - CVE-2021-20638 ・ OS Command injection (CWE-78) - CVE-2021-20639 ・ Buffer overflow (CWE-119) - CVE-2021-20640 CVE-2021-20635 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Kanagawa Institute of Technology Minegishi Takaaki Mr. Okamoto Tsuyoshi Mr CVE-2021-20636, CVE-2021-20637, CVE-2021-20642 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : LAC Co., Ltd. Shuto Kono Mr CVE-2021-20638, CVE-2021-20639, CVE-2021-20640 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tsukamoto Taizo Mr CVE-2021-20641 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : LAC Co., Ltd. Shuto Kono Mr. Techmatrix Corporation Atsuo Sakurai MrThe expected impact depends on each vulnerability, but it may be affected as follows. ・ Wireless of the corresponding device LAN By a third party within reach PIN Is decrypted and the network provided by the device is accessed. - CVE-2021-20635 ・ Of the product Web The user logged in to the admin page has been crafted URL You can unintentionally change the settings of the product by accessing - CVE-2021-20636, CVE-2021-20641 ・ Of the product Web The user logged in to the admin page has been crafted URL Interfering with service operations by accessing (DoS) Be attacked - CVE-2021-20637, CVE-2021-20642 ・ Of the product Web Arbitrary by an attacker with access to the admin page OS Command is executed - CVE-2021-20638, CVE-2021-20639, CVE-2021-20640. A remote attacker could exploit this vulnerability to cause the device to crash", sources: [ { db: "NVD", id: "CVE-2021-20642", }, { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "VULMON", id: "CVE-2021-20642", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-20642", trust: 2.5, }, { db: "JVN", id: "JVN96783542", trust: 2.4, }, { db: "JVNDB", id: "JVNDB-2021-000010", trust: 1.4, }, { db: "CNNVD", id: "CNNVD-202101-2377", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-20642", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-20642", }, { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "CNNVD", id: "CNNVD-202101-2377", }, { db: "NVD", id: "CVE-2021-20642", }, ], }, id: "VAR-202102-0483", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.47569445, }, last_update_date: "2024-11-23T21:58:48.939000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "無線LANルーターなどネットワーク製品の一部における脆弱性に関して", trust: 0.8, url: "https://www.elecom.co.jp/news/security/20210126-01/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-000010", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-Other", trust: 1, }, { problemtype: "CWE-78", trust: 0.8, }, { problemtype: "CWE-Other", trust: 0.8, }, { problemtype: "CWE-352", trust: 0.8, }, { problemtype: "CWE-119", trust: 0.8, }, { problemtype: "CWE-287", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "NVD", id: "CVE-2021-20642", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://jvn.jp/en/jp/jvn96783542/index.html", }, { trust: 1.6, url: "https://www.elecom.co.jp/news/security/20210126-01/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20641", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20642", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20635", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20636", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20637", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20638", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20639", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20640", }, { trust: 0.8, url: "https://jvn.jp/jp/jvn96783542/index.html", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2021-20642", }, { trust: 0.6, url: "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000010.html", }, { trust: 0.1, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/195620", }, ], sources: [ { db: "VULMON", id: "CVE-2021-20642", }, { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "CNNVD", id: "CNNVD-202101-2377", }, { db: "NVD", id: "CVE-2021-20642", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-20642", }, { db: "JVNDB", id: "JVNDB-2021-000010", }, { db: "CNNVD", id: "CNNVD-202101-2377", }, { db: "NVD", id: "CVE-2021-20642", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-12T00:00:00", db: "VULMON", id: "CVE-2021-20642", }, { date: "2021-01-26T03:17:11", db: "JVNDB", id: "JVNDB-2021-000010", }, { date: "2021-01-26T00:00:00", db: "CNNVD", id: "CNNVD-202101-2377", }, { date: "2021-02-12T07:15:14.937000", db: "NVD", id: "CVE-2021-20642", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-18T00:00:00", db: "VULMON", id: "CVE-2021-20642", }, { date: "2021-01-26T03:17:11", db: "JVNDB", id: "JVNDB-2021-000010", }, { date: "2022-05-05T00:00:00", db: "CNNVD", id: "CNNVD-202101-2377", }, { date: "2024-11-21T05:46:55.840000", db: "NVD", id: "CVE-2021-20642", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202101-2377", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Multiple vulnerabilities in multiple Logitec products", sources: [ { db: "JVNDB", id: "JVNDB-2021-000010", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202101-2377", }, ], trust: 0.6, }, }