CVE-2021-39245

Published Aug 23, 2021

Last updated 3 years ago

CVSS high 7.5

Overview

Description: Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-798

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:altus:nexto_nx3003_firmware:1.8.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A5848CF-312E-4053-B838-27CEDF388204"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:altus:nexto_nx3003:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "50B12BD3-2585-4504-A61F-7FF929604269"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:altus:nexto_nx3004_firmware:1.8.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3152151F-5313-4016-BA72-68B26F9AD5DC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:altus:nexto_nx3004:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5360B24F-4EFA-404D-95AF-6F9A60064594"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:altus:nexto_nx3005_firmware:1.8.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FF5DDB4-4E37-4F02-BA5C-9FB6B9DEFDF0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:altus:nexto_nx3005:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B0C06EAE-E56C-405C-8E01-807F21F8E959"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:altus:nexto_nx3010_firmware:1.8.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A8ADE03-CCFF-4E02-A800-0F493BBF893C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:altus:nexto_nx3010:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AB8D19E7-4346-4190-9C1E-8E8DE27F1097"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:altus:nexto_nx3020_firmware:1.8.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28992202-3C21-4C5C-BEC3-190DDCA4BDB2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:altus:nexto_nx3020:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8848DA89-0ECA-4CB7-AC13-E08CD3FCBBC8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:altus:nexto_nx3030_firmware:1.8.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "115AA6E9-89A1-49D7-967C-5C41F114C166"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:altus:nexto_nx3030:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "14DF8FB7-9BED-4195-A496-26087C4B0E53"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:altus:nexto_nx5100_firmware:1.8.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA3F5402-EA1C-46EC-9AC1-BC38C4904B18"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:altus:nexto_nx5100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "548AF25D-1275-4881-8740-E5A0EA7374C2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:altus:nexto_nx5101_firmware:1.8.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1431A2A-DC65-4B6B-AB7D-35BFDA97555B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:altus:nexto_nx5101:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E11B7273-046E-458F-AE2E-A5AEFABDA577"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:altus:nexto_nx5110_firmware:1.1.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEEA3B8D-1E80-4A56-9840-150DCAA7A192"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:altus:nexto_nx5110:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8DBF577A-EA51-41B8-915C-75EDBEE2AAE5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:altus:nexto_nx5210_firmware:1.1.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66F25371-1B64-4D5A-A4BD-D1F90CB2B7C3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:altus:nexto_nx5210:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "571E4999-3708-4F95-8436-ACFAF7F13A37"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:altus:nexto_xpress_xp300_firmware:1.8.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "641542F1-E275-42D6-B0E2-EF677DC7E760"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:altus:nexto_xpress_xp300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AA8AA07F-E8FE-4599-A65B-71E2416EFBF0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:altus:nexto_xpress_xp315_firmware:1.8.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CBAB5F2-E302-494D-9D81-938DCF9510B3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:altus:nexto_xpress_xp315:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7AAB7834-2BBF-40C5-9671-4696C889ADA1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:altus:nexto_xpress_xp325_firmware:1.8.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B81B3D6D-3F37-45DE-82F9-DA32925F965F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:altus:nexto_xpress_xp325:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4B9D2F20-49F8-4BBE-81C8-C7B7ED58B524"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:altus:nexto_xpress_xp340_firmware:1.8.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "035270A8-485C-4109-A61F-A5B22B63D3BF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:altus:nexto_xpress_xp340:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F09EAD1C-9A59-4E82-B267-AF99BDFDDBD8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:altus:hadron_xtorm_hx3040_firmware:1.7.58.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "671F0A89-017A-4552-8408-7E39C01421E6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:altus:hadron_xtorm_hx3040:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A81D05A0-BC2F-40AD-8E06-AF5E0D1B85AB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References