cvelistv5 - cve-2021-20658

cve-2021-20658

Vulnerability from cvelistv5

Published

2021-02-24 03:51

Modified

2024-08-03 17:45

Severity ?

Summary

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN37417423/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf	Vendor Advisory
vultures@jpcert.or.jp	https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN37417423/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf	Vendor Advisory

Impacted products

	Vendor	Product	Version
	Contec Co., Ltd.	SolarView Compact	Version: SV-CPT-MC310 prior to Ver.6.5

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:45:45.391Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jvn.jp/en/jp/JVN37417423/index.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SolarView Compact",
               vendor: "Contec Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "SV-CPT-MC310 prior to Ver.6.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "OS Command Injection",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-02-24T03:51:45",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jvn.jp/en/jp/JVN37417423/index.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "vultures@jpcert.or.jp",
               ID: "CVE-2021-20658",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SolarView Compact",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "SV-CPT-MC310 prior to Ver.6.5",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Contec Co., Ltd.",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "OS Command Injection",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
                     refsource: "MISC",
                     url: "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
                  },
                  {
                     name: "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
                     refsource: "MISC",
                     url: "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
                  },
                  {
                     name: "https://jvn.jp/en/jp/JVN37417423/index.html",
                     refsource: "MISC",
                     url: "https://jvn.jp/en/jp/JVN37417423/index.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2021-20658",
      datePublished: "2021-02-24T03:51:45",
      dateReserved: "2020-12-17T00:00:00",
      dateUpdated: "2024-08-03T17:45:45.391Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2021-20658\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2021-02-24T12:15:22.830\",\"lastModified\":\"2024-11-21T05:46:57.573\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"SolarView Compact SV-CPT-MC310 versiones anteriores a Ver.6.5, permite a un atacante ejecutar comandos arbitrarios del sistema operativo con privilegios de servidor web por medio de vectores no especificados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:contec:sv-cpt-mc310_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.5\",\"matchCriteriaId\":\"F8EF2969-D593-4759-849A-FA0C3B0C7524\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:contec:sv-cpt-mc310:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9FCCA5E-19F8-47D9-A6C6-77AF2AEFD51A\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN37417423/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN37417423/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
   },
}

cve-2021-20658

Vulnerability from jvndb

Published

2021-02-19 16:44

Modified

2021-02-25 15:31

Severity ?

6.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

Multiple vulnerabilities in SolarView Compact

Details

SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. *Exposure of information through directory listing (CWE-548) - CVE-2021-20656 *Improper access control (CWE-284) - CVE-2021-20657 *OS command injection (CWE-78) - CVE-2021-20658 *Unrestricted upload of file with dangerous type (CWE-434) - CVE-2021-20659 *Cross-site scripting (CWE-79) - CVE-2021-20660 *Directory traversal (CWE-23) - CVE-2021-20661 *Missing authentication for critical function (CWE-306) - CVE-2021-20662 *Using components with known vulnerabilities (CWE-1035) - CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324 The product uses previous versions of vsfpd and lighttpd with known vulnerabilities. CVE-2021-20656 Kouichirou Okada, Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20657, CVE-2021-20658 Takayuki Sasak, Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20659, CVE-2021-20660, CVE-2021-20661, CVE-2021-20662 Kouichirou Okada, Takayuki Sasaki, Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Kouichirou Okada, Katsunari Yoshioka of Yokohama National University reported to IPA that CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323 and CVE-2014-2324 vulnerabilities still exist in the product. JPCERT/CC coordinated with the developer.

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN37417423/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0762
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4362
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4508
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4559
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4560
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2323
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2324
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20656
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20657
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20658
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20659
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20660
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20661
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20662
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-0762
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-4362
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-4508
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-4559
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-4560
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-2323
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-2324
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20656
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20657
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20658
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20659
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20660
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20661
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20662
	Information Exposure(CWE-200)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Path Traversal(CWE-22)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Contec	SolarView Compact SV-CPT-MC310

Show details on JVN DB website

JSON

To clipboard

{
   "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000016.html",
   "dc:date": "2021-02-25T15:31+09:00",
   "dcterms:issued": "2021-02-19T16:44+09:00",
   "dcterms:modified": "2021-02-25T15:31+09:00",
   description: "SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below.\r\n\r\n*Exposure of information through directory listing (CWE-548) - CVE-2021-20656\r\n*Improper access control (CWE-284) - CVE-2021-20657\r\n*OS command injection (CWE-78) - CVE-2021-20658\r\n*Unrestricted upload of file with dangerous type (CWE-434) - CVE-2021-20659\r\n*Cross-site scripting (CWE-79) - CVE-2021-20660\r\n*Directory traversal (CWE-23) - CVE-2021-20661\r\n*Missing authentication for critical function (CWE-306) - CVE-2021-20662\r\n*Using components with known vulnerabilities (CWE-1035) - CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324\r\nThe product uses previous versions of vsfpd and lighttpd with known vulnerabilities.\r\n\r\nCVE-2021-20656\r\nKouichirou Okada, Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20657, CVE-2021-20658\r\nTakayuki Sasak, Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20659, CVE-2021-20660, CVE-2021-20661, CVE-2021-20662\r\nKouichirou Okada, Takayuki Sasaki, Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nKouichirou Okada, Katsunari Yoshioka of Yokohama National University reported to IPA that CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323 and CVE-2014-2324 vulnerabilities still exist in the product. JPCERT/CC coordinated with the developer.",
   link: "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000016.html",
   "sec:cpe": {
      "#text": "cpe:/o:contec:sv-cpt-mc310_firmware",
      "@product": "SolarView Compact SV-CPT-MC310",
      "@vendor": "Contec",
      "@version": "2.2",
   },
   "sec:cvss": [
      {
         "@score": "5.8",
         "@severity": "Medium",
         "@type": "Base",
         "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
         "@version": "2.0",
      },
      {
         "@score": "6.3",
         "@severity": "Medium",
         "@type": "Base",
         "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
         "@version": "3.0",
      },
   ],
   "sec:identifier": "JVNDB-2021-000016",
   "sec:references": [
      {
         "#text": "https://jvn.jp/en/jp/JVN37417423/index.html",
         "@id": "JVN#37417423",
         "@source": "JVN",
      },
      {
         "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0762",
         "@id": "CVE-2011-0762",
         "@source": "CVE",
      },
      {
         "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4362",
         "@id": "CVE-2011-4362",
         "@source": "CVE",
      },
      {
         "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4508",
         "@id": "CVE-2013-4508",
         "@source": "CVE",
      },
      {
         "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4559",
         "@id": "CVE-2013-4559",
         "@source": "CVE",
      },
      {
         "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4560",
         "@id": "CVE-2013-4560",
         "@source": "CVE",
      },
      {
         "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2323",
         "@id": "CVE-2014-2323",
         "@source": "CVE",
      },
      {
         "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2324",
         "@id": "CVE-2014-2324",
         "@source": "CVE",
      },
      {
         "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20656",
         "@id": "CVE-2021-20656",
         "@source": "CVE",
      },
      {
         "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20657",
         "@id": "CVE-2021-20657",
         "@source": "CVE",
      },
      {
         "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20658",
         "@id": "CVE-2021-20658",
         "@source": "CVE",
      },
      {
         "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20659",
         "@id": "CVE-2021-20659",
         "@source": "CVE",
      },
      {
         "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20660",
         "@id": "CVE-2021-20660",
         "@source": "CVE",
      },
      {
         "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20661",
         "@id": "CVE-2021-20661",
         "@source": "CVE",
      },
      {
         "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20662",
         "@id": "CVE-2021-20662",
         "@source": "CVE",
      },
      {
         "#text": "https://nvd.nist.gov/vuln/detail/CVE-2011-0762",
         "@id": "CVE-2011-0762",
         "@source": "NVD",
      },
      {
         "#text": "https://nvd.nist.gov/vuln/detail/CVE-2011-4362",
         "@id": "CVE-2011-4362",
         "@source": "NVD",
      },
      {
         "#text": "https://nvd.nist.gov/vuln/detail/CVE-2013-4508",
         "@id": "CVE-2013-4508",
         "@source": "NVD",
      },
      {
         "#text": "https://nvd.nist.gov/vuln/detail/CVE-2013-4559",
         "@id": "CVE-2013-4559",
         "@source": "NVD",
      },
      {
         "#text": "https://nvd.nist.gov/vuln/detail/CVE-2013-4560",
         "@id": "CVE-2013-4560",
         "@source": "NVD",
      },
      {
         "#text": "https://nvd.nist.gov/vuln/detail/CVE-2014-2323",
         "@id": "CVE-2014-2323",
         "@source": "NVD",
      },
      {
         "#text": "https://nvd.nist.gov/vuln/detail/CVE-2014-2324",
         "@id": "CVE-2014-2324",
         "@source": "NVD",
      },
      {
         "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20656",
         "@id": "CVE-2021-20656",
         "@source": "NVD",
      },
      {
         "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20657",
         "@id": "CVE-2021-20657",
         "@source": "NVD",
      },
      {
         "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20658",
         "@id": "CVE-2021-20658",
         "@source": "NVD",
      },
      {
         "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20659",
         "@id": "CVE-2021-20659",
         "@source": "NVD",
      },
      {
         "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20660",
         "@id": "CVE-2021-20660",
         "@source": "NVD",
      },
      {
         "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20661",
         "@id": "CVE-2021-20661",
         "@source": "NVD",
      },
      {
         "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20662",
         "@id": "CVE-2021-20662",
         "@source": "NVD",
      },
      {
         "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
         "@id": "CWE-200",
         "@title": "Information Exposure(CWE-200)",
      },
      {
         "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
         "@id": "CWE-22",
         "@title": "Path Traversal(CWE-22)",
      },
      {
         "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
         "@id": "CWE-264",
         "@title": "Permissions(CWE-264)",
      },
      {
         "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
         "@id": "CWE-78",
         "@title": "OS Command Injection(CWE-78)",
      },
      {
         "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
         "@id": "CWE-79",
         "@title": "Cross-site Scripting(CWE-79)",
      },
      {
         "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
         "@id": "CWE-Other",
         "@title": "No Mapping(CWE-Other)",
      },
   ],
   title: "Multiple vulnerabilities in SolarView Compact",
}

fkie_cve-2021-20658

Vulnerability from fkie_nvd

Published

2021-02-24 12:15

Modified

2024-11-21 05:46

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN37417423/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf	Vendor Advisory
vultures@jpcert.or.jp	https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN37417423/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf	Vendor Advisory

Impacted products

	Vendor	Product	Version
	contec	sv-cpt-mc310_firmware	*
	contec	sv-cpt-mc310	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:contec:sv-cpt-mc310_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8EF2969-D593-4759-849A-FA0C3B0C7524",
                     versionEndExcluding: "6.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:contec:sv-cpt-mc310:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9FCCA5E-19F8-47D9-A6C6-77AF2AEFD51A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.",
      },
      {
         lang: "es",
         value: "SolarView Compact SV-CPT-MC310 versiones anteriores a Ver.6.5, permite a un atacante ejecutar comandos arbitrarios del sistema operativo con privilegios de servidor web por medio de vectores no especificados",
      },
   ],
   id: "CVE-2021-20658",
   lastModified: "2024-11-21T05:46:57.573",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-02-24T12:15:22.830",
   references: [
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN37417423/index.html",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN37417423/index.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
      },
   ],
   sourceIdentifier: "vultures@jpcert.or.jp",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

gsd-2021-20658

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.

Aliases

CVE-2021-20658

Aliases

CVE-2021-20658

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2021-20658",
      description: "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.",
      id: "GSD-2021-20658",
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2021-20658",
         ],
         details: "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.",
         id: "GSD-2021-20658",
         modified: "2023-12-13T01:23:12.099068Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "vultures@jpcert.or.jp",
            ID: "CVE-2021-20658",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "SolarView Compact",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "SV-CPT-MC310 prior to Ver.6.5",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "Contec Co., Ltd.",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "OS Command Injection",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
                  refsource: "MISC",
                  url: "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
               },
               {
                  name: "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
                  refsource: "MISC",
                  url: "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
               },
               {
                  name: "https://jvn.jp/en/jp/JVN37417423/index.html",
                  refsource: "MISC",
                  url: "https://jvn.jp/en/jp/JVN37417423/index.html",
               },
            ],
         },
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:contec:sv-cpt-mc310_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "6.5",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:contec:sv-cpt-mc310:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "vultures@jpcert.or.jp",
               ID: "CVE-2021-20658",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-78",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
                     refsource: "MISC",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
                  },
                  {
                     name: "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
                     refsource: "MISC",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
                  },
                  {
                     name: "https://jvn.jp/en/jp/JVN37417423/index.html",
                     refsource: "MISC",
                     tags: [
                        "Third Party Advisory",
                     ],
                     url: "https://jvn.jp/en/jp/JVN37417423/index.html",
                  },
               ],
            },
         },
         impact: {
            baseMetricV2: {
               acInsufInfo: false,
               cvssV2: {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  integrityImpact: "COMPLETE",
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               exploitabilityScore: 10,
               impactScore: 10,
               obtainAllPrivilege: false,
               obtainOtherPrivilege: false,
               obtainUserPrivilege: false,
               severity: "HIGH",
               userInteractionRequired: false,
            },
            baseMetricV3: {
               cvssV3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               exploitabilityScore: 3.9,
               impactScore: 5.9,
            },
         },
         lastModifiedDate: "2021-03-01T16:17Z",
         publishedDate: "2021-02-24T12:15Z",
      },
   },
}

ghsa-g664-hj5c-r32g

Vulnerability from github

Published

2022-05-24 17:43

Modified

2022-05-24 17:43

Details

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2021-20658",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-78",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2021-02-24T12:15:00Z",
      severity: "CRITICAL",
   },
   details: "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.",
   id: "GHSA-g664-hj5c-r32g",
   modified: "2022-05-24T17:43:00Z",
   published: "2022-05-24T17:43:00Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2021-20658",
      },
      {
         type: "WEB",
         url: "https://jvn.jp/en/jp/JVN37417423/index.html",
      },
      {
         type: "WEB",
         url: "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf",
      },
      {
         type: "WEB",
         url: "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf",
      },
   ],
   schema_version: "1.4.0",
   severity: [],
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2021-20658

Vulnerability from cvelistv5

cve-2021-20658

Vulnerability from jvndb

fkie_cve-2021-20658

Vulnerability from fkie_nvd

gsd-2021-20658

Vulnerability from gsd

ghsa-g664-hj5c-r32g

Vulnerability from github

Tags

Sightings

Nomenclature