5.7

CVE-2021-20844

Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.

Data is provided by the National Vulnerability Database (NVD)
YamahaRtx830 Firmware Version <= 15.02.17
   YamahaRtx830 Version-
YamahaNvr510 Firmware Version <= 15.01.18
   YamahaNvr510 Version-
YamahaNvr700w Firmware Version <= 15.00.19
   YamahaNvr700w Version-
YamahaRtx1210 Firmware Version <= 14.01.38
   YamahaRtx1210 Version-
Ntt-westBiz Box Rtx830 Firmware Version <= 15.02.17
   Ntt-westBiz Box Rtx830 Version-
Ntt-westBiz Box Nvr510 Firmware Version < 15.01.18
   Ntt-westBiz Box Nvr510 Version-
Ntt-westBiz Box Nvr700w Firmware Version <= 15.00.19
   Ntt-westBiz Box Nvr700w Version-
Ntt-westBiz Box Rtx1210 Firmware Version <= 14.01.38
   Ntt-westBiz Box Rtx1210 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.34% 0.536
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.7 2.1 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:P/I:N/A:N
CWE-116 Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

https://jvn.jp/en/vu/JVNVU91161784/index.html
Third Party Advisory
Mitigation