CVE-2021-39243

Exploit

EPSS 0.12%
Veröffentlicht 23.08.2021 05:15:08
Zuletzt bearbeitet 21.11.2024 06:19:00
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via any CGI endpoint. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Altus ≫ Nexto Nx3003 Firmware Version1.8.11.0

Altus ≫ Nexto Nx3003 Version-

Altus ≫ Nexto Nx3004 Firmware Version1.8.11.0

Altus ≫ Nexto Nx3004 Version-

Altus ≫ Nexto Nx3005 Firmware Version1.8.11.0

Altus ≫ Nexto Nx3005 Version-

Altus ≫ Nexto Nx3010 Firmware Version1.8.3.0

Altus ≫ Nexto Nx3010 Version-

Altus ≫ Nexto Nx3020 Firmware Version1.8.3.0

Altus ≫ Nexto Nx3020 Version-

Altus ≫ Nexto Nx3030 Firmware Version1.8.3.0

Altus ≫ Nexto Nx3030 Version-

Altus ≫ Nexto Nx5100 Firmware Version1.8.11.0

Altus ≫ Nexto Nx5100 Version-

Altus ≫ Nexto Nx5101 Firmware Version1.8.11.0

Altus ≫ Nexto Nx5101 Version-

Altus ≫ Nexto Nx5110 Firmware Version1.1.2.8

Altus ≫ Nexto Nx5110 Version-

Altus ≫ Nexto Nx5210 Firmware Version1.1.2.8

Altus ≫ Nexto Nx5210 Version-

Altus ≫ Nexto Xpress Xp300 Firmware Version1.8.11.0

Altus ≫ Nexto Xpress Xp300 Version-

Altus ≫ Nexto Xpress Xp315 Firmware Version1.8.11.0

Altus ≫ Nexto Xpress Xp315 Version-

Altus ≫ Nexto Xpress Xp325 Firmware Version1.8.11.0

Altus ≫ Nexto Xpress Xp325 Version-

Altus ≫ Nexto Xpress Xp340 Firmware Version1.8.11.0

Altus ≫ Nexto Xpress Xp340 Version-

Altus ≫ Hadron Xtorm Hx3040 Firmware Version1.7.58.0

Altus ≫ Hadron Xtorm Hx3040 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.277

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://seclists.org/fulldisclosure/2021/Aug/21

Third Party Advisory

Exploit

Mailing List

https://www.altus.com.br/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-39243

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-39243

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-39243

EUVD