CVE-2021-21968

Exploit

EPSS 0.42%
Veröffentlicht 04.02.2022 23:15:10
Zuletzt bearbeitet 21.11.2024 05:49:20
Quelle talos-cna@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sealevel ≫ Seaconnect 370w Firmware Version1.3.34

Sealevel ≫ Seaconnect 370w Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.61

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.3	1.6	6	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
talos-cna@cisco.com	8.1	2.2	5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1395

Third Party Advisory

Exploit

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2021-21968

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-21968

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-21968

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-21968