CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-26637

There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 75.2%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 7.5

References

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66782
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66782

Products affected by CVE-2021-26637

Shinasys » Sihas Acm-300 » Version: N/A

cpe:2.3:h:shinasys:sihas_acm-300:-
Shinasys » Sihas Gcm-300 » Version: N/A

cpe:2.3:h:shinasys:sihas_gcm-300:-
Shinasys » Sihas Sgw-300 » Version: N/A

cpe:2.3:h:shinasys:sihas_sgw-300:-
Shinasys » Sihas Acm-300 Firmware » Version: N/A

cpe:2.3:o:shinasys:sihas_acm-300_firmware:-
Shinasys » Sihas Gcm-300 Firmware » Version: N/A

cpe:2.3:o:shinasys:sihas_gcm-300_firmware:-
Shinasys » Sihas Sgw-300 Firmware » Version: N/A

cpe:2.3:o:shinasys:sihas_sgw-300_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-26637

Products

Pricing

Contact Us