9.8
CVE-2021-45428
- EPSS 91.55%
- Veröffentlicht 03.01.2022 14:15:07
- Zuletzt bearbeitet 21.11.2024 06:32:12
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginTLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Telesquare ≫ Tlr-2005ksh Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 91.55% | 0.997 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.