Lucene search

[email protected]CVE-2021-20641

HistoryFeb 12, 2021 - 7:15 a.m.

CVE-2021-20641

2021-02-1207:15:00

CWE-352

[email protected]

web.nvd.nist.gov

cve

2021

20641

csrf

vulnerability

logitec

lan-w300n/rs

hijacking

admin authentication

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

32.8%

JSON

Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.

CPENameOperatorVersion
logitech:lan-w300n\/rs_firmwarelogitech lan-w300n\/rs firmwareeq-

CPE	Name	Operator	Version
logitech:lan-w300n\/rs_firmware	logitech lan-w300n\/rs firmware	eq	-

References

jvn.jp/en/jp/JVN96783542/index.html

www.elecom.co.jp/news/security/20210126-01/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

32.8%

JSON

Related for CVE-2021-20641

prion1 cvelist1 jvn1