6.8
CVE-2021-20852
- EPSS 0.15%
- Veröffentlicht 01.12.2021 03:15:06
- Zuletzt bearbeitet 21.11.2024 05:47:16
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginBuffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute an arbitrary OS command via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Elecom ≫ Wrh-733gbk Firmware Version <= 1.02.9
Elecom ≫ Wrh-733gwh Firmware Version <= 1.02.9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.323 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 5.2 | 5.1 | 6.4 |
AV:A/AC:L/Au:S/C:P/I:P/A:P
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.