Vulnerability Details CVE-2021-20844
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.8%
CVSS Severity
CVSS v3 Score 5.7
CVSS v2 Score 3.5
References
- http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html
- https://business.ntt-east.co.jp/topics/2021/11_09.html
- https://jvn.jp/en/vu/JVNVU91161784/index.html
- https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html
- http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html
- https://business.ntt-east.co.jp/topics/2021/11_09.html
- https://jvn.jp/en/vu/JVNVU91161784/index.html
- https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html
Products affected by CVE-2021-20844
-
cpe:2.3:h:ntt-west:biz_box_nvr510:-
-
cpe:2.3:h:ntt-west:biz_box_nvr700w:-
-
cpe:2.3:h:ntt-west:biz_box_rtx1210:-
-
cpe:2.3:h:ntt-west:biz_box_rtx830:-
-
cpe:2.3:h:yamaha:nvr510:-
-
cpe:2.3:h:yamaha:nvr700w:-
-
cpe:2.3:h:yamaha:rtx1210:-
-
cpe:2.3:h:yamaha:rtx830:-
-
cpe:2.3:o:ntt-west:biz_box_nvr510_firmware:-
-
cpe:2.3:o:ntt-west:biz_box_nvr700w_firmware:-
-
cpe:2.3:o:ntt-west:biz_box_nvr700w_firmware:15.00.19
-
cpe:2.3:o:ntt-west:biz_box_rtx1210_firmware:-
-
cpe:2.3:o:ntt-west:biz_box_rtx1210_firmware:14.01.38
-
cpe:2.3:o:ntt-west:biz_box_rtx830_firmware:-
-
cpe:2.3:o:ntt-west:biz_box_rtx830_firmware:15.02.17
-
cpe:2.3:o:yamaha:nvr510_firmware:15.01.14
-
cpe:2.3:o:yamaha:nvr510_firmware:15.01.18
-
cpe:2.3:o:yamaha:nvr700w_firmware:15.00.15
-
cpe:2.3:o:yamaha:nvr700w_firmware:15.00.19
-
cpe:2.3:o:yamaha:rtx1210_firmware:14.01.33
-
cpe:2.3:o:yamaha:rtx1210_firmware:14.01.38
-
cpe:2.3:o:yamaha:rtx830_firmware:15.02.09
-
cpe:2.3:o:yamaha:rtx830_firmware:15.02.17