cnvd - cnvd-2021-103399

cnvd-2021-103399

Vulnerability from cnvd

Title: Lancom Lcos存在未明漏洞

Description:

Lancom Lcos是希腊Lancom公司的一个为Lancom路由器、无线建立的Lancom操作系统。

LCOS 10.40至10.42.0473-RU3版本存在安全漏洞，攻击者可利用该漏洞通过CLI修改root用户密码。

Severity: 高

Formal description:

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.ovt.com/lcos

Reference: https://www.nmedv.de/wp-content/uploads/2021/09/NME-2021-001.txt

Impacted products

Name
LANCOM LCOS >=10.40，<=10.42.0473-RU3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-33903"
    }
  },
  "description": "Lancom Lcos\u662f\u5e0c\u814aLancom\u516c\u53f8\u7684\u4e00\u4e2a\u4e3aLancom\u8def\u7531\u5668\u3001\u65e0\u7ebf\u5efa\u7acb\u7684Lancom\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nLCOS 10.40\u81f310.42.0473-RU3\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7CLI\u4fee\u6539root\u7528\u6237\u5bc6\u7801\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.ovt.com/lcos",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-103399",
  "openTime": "2021-12-30",
  "products": {
    "product": "LANCOM LCOS \u003e=10.40\uff0c\u003c=10.42.0473-RU3"
  },
  "referenceLink": "https://www.nmedv.de/wp-content/uploads/2021/09/NME-2021-001.txt",
  "serverity": "\u9ad8",
  "submitTime": "2021-10-12",
  "title": "Lancom Lcos\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2021-33903 (GCVE-0-2021-33903)

Vulnerability from cvelistv5

Published

2021-10-07 14:48

Modified

2024-08-04 00:05

Severity ?

CWE

Summary

In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user for SNMPv3 access. (However, changing the password of the root user via LANconfig does change the password of the root user for SNMPv3 access.)

References

▼	URL	Tags
	https://www.nmedv.de/wp-content/uploads/2021/10/NME-2021-001.txt	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:05:52.083Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.nmedv.de/wp-content/uploads/2021/10/NME-2021-001.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user for SNMPv3 access. (However, changing the password of the root user via LANconfig does change the password of the root user for SNMPv3 access.)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-11T16:39:41",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.nmedv.de/wp-content/uploads/2021/10/NME-2021-001.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-33903",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user for SNMPv3 access. (However, changing the password of the root user via LANconfig does change the password of the root user for SNMPv3 access.)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.nmedv.de/wp-content/uploads/2021/10/NME-2021-001.txt",
              "refsource": "MISC",
              "url": "https://www.nmedv.de/wp-content/uploads/2021/10/NME-2021-001.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-33903",
    "datePublished": "2021-10-07T14:48:15",
    "dateReserved": "2021-06-07T00:00:00",
    "dateUpdated": "2024-08-04T00:05:52.083Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted