CVE-2021-39291

Published Aug 23, 2021

Last updated a year ago

CVSS high 8.8

Overview

Description: Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-532

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "012DBD5F-C5F7-472F-98F0-0EE481A1A39D",
            "versionEndExcluding": "4.3.0.113"
          },
          {
            "criteria": "cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46A74835-CD8C-4CD7-98B5-0820A02DEAA0",
            "versionEndExcluding": "4.4.0.111",
            "versionStartIncluding": "4.4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09DCDB3A-0E51-4C6E-8423-DD2F84C64478",
            "versionEndExcluding": "4.5.0.105",
            "versionStartIncluding": "4.5.0.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netmodule:nb1600:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6D275CDC-0FE9-40C6-8CD4-3C836458C6C6"
          },
          {
            "criteria": "cpe:2.3:h:netmodule:nb1601:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5C90BC32-C405-4178-B944-9CF39C212C46"
          },
          {
            "criteria": "cpe:2.3:h:netmodule:nb1800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A80AE348-C415-4B5F-B359-26E2F2A132F7"
          },
          {
            "criteria": "cpe:2.3:h:netmodule:nb1810:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A3CF8E81-2EB5-4CDC-9FC9-CEAF4E1E7514"
          },
          {
            "criteria": "cpe:2.3:h:netmodule:nb2700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7751755B-A1A8-4538-94D1-A49FC40565A5"
          },
          {
            "criteria": "cpe:2.3:h:netmodule:nb2710:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0AFE5094-EA46-4389-880F-32E892BC703D"
          },
          {
            "criteria": "cpe:2.3:h:netmodule:nb2800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EFF579A1-A31C-47F3-912A-43F5B4894497"
          },
          {
            "criteria": "cpe:2.3:h:netmodule:nb2810:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "41310FAF-CD23-4126-942D-DA950A96DF3E"
          },
          {
            "criteria": "cpe:2.3:h:netmodule:nb3700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "79C621EF-0650-418D-B39D-C07FE4728DB9"
          },
          {
            "criteria": "cpe:2.3:h:netmodule:nb3701:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "962F7AFA-76A3-4F83-AA2C-AB168C644104"
          },
          {
            "criteria": "cpe:2.3:h:netmodule:nb3710:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "78EBE526-E036-4FCC-B617-376ABC679111"
          },
          {
            "criteria": "cpe:2.3:h:netmodule:nb3711:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "923D8D38-E3DB-47C0-92C3-AD1A05EEAC83"
          },
          {
            "criteria": "cpe:2.3:h:netmodule:nb3720:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C2E345B5-CF76-4385-B4C3-B7F00DB0C52B"
          },
          {
            "criteria": "cpe:2.3:h:netmodule:nb3800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7120564A-4FE0-403E-A976-9658A665E51A"
          },
          {
            "criteria": "cpe:2.3:h:netmodule:nb800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3B550124-772B-4384-BA89-72B68E01F61E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References