Lucene search

JpcertCVE-2021-20847

HistoryDec 01, 2021 - 3:15 a.m.

CVE-2021-20847

2021-12-0103:15:06

CWE-79

jpcert

web.nvd.nist.gov

cve

2021

20847

cross-site scripting

wi-fi

station

sh-52a

webui

vulnerability

nvd

remote attacker

unauthenticated

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

39.0%

JSON

Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device.

Affected configurations

Nvd

Vulners

Node

nttdocomowi-fi_station_sh-52aMatch-

AND

nttdocomowi-fi_station_sh-52a_firmwareMatch38jp_1_11g

nttdocomowi-fi_station_sh-52a_firmwareMatch38jp_1_11j

nttdocomowi-fi_station_sh-52a_firmwareMatch38jp_1_11k

nttdocomowi-fi_station_sh-52a_firmwareMatch38jp_1_11l

nttdocomowi-fi_station_sh-52a_firmwareMatch38jp_1_26f

nttdocomowi-fi_station_sh-52a_firmwareMatch38jp_1_26g

nttdocomowi-fi_station_sh-52a_firmwareMatch38jp_1_26j

nttdocomowi-fi_station_sh-52a_firmwareMatch38jp_2_03b

nttdocomowi-fi_station_sh-52a_firmwareMatch38jp_2_03c

VendorProductVersionCPE
nttdocomowi-fi_station_sh-52a-cpe:2.3:h:nttdocomo:wi-fi_station_sh-52a:-:*:*:*:*:*:*:*
nttdocomowi-fi_station_sh-52a_firmware38jp_1_11gcpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_11g:*:*:*:*:*:*:*
nttdocomowi-fi_station_sh-52a_firmware38jp_1_11jcpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_11j:*:*:*:*:*:*:*
nttdocomowi-fi_station_sh-52a_firmware38jp_1_11kcpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_11k:*:*:*:*:*:*:*
nttdocomowi-fi_station_sh-52a_firmware38jp_1_11lcpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_11l:*:*:*:*:*:*:*
nttdocomowi-fi_station_sh-52a_firmware38jp_1_26fcpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_26f:*:*:*:*:*:*:*
nttdocomowi-fi_station_sh-52a_firmware38jp_1_26gcpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_26g:*:*:*:*:*:*:*
nttdocomowi-fi_station_sh-52a_firmware38jp_1_26jcpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_26j:*:*:*:*:*:*:*
nttdocomowi-fi_station_sh-52a_firmware38jp_2_03bcpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_2_03b:*:*:*:*:*:*:*
nttdocomowi-fi_station_sh-52a_firmware38jp_2_03ccpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_2_03c:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nttdocomo	wi-fi_station_sh-52a	-	cpe:2.3:h:nttdocomo:wi-fi_station_sh-52a:-:::::::*
nttdocomo	wi-fi_station_sh-52a_firmware	38jp_1_11g	cpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_11g:::::::*
nttdocomo	wi-fi_station_sh-52a_firmware	38jp_1_11j	cpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_11j:::::::*
nttdocomo	wi-fi_station_sh-52a_firmware	38jp_1_11k	cpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_11k:::::::*
nttdocomo	wi-fi_station_sh-52a_firmware	38jp_1_11l	cpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_11l:::::::*
nttdocomo	wi-fi_station_sh-52a_firmware	38jp_1_26f	cpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_26f:::::::*
nttdocomo	wi-fi_station_sh-52a_firmware	38jp_1_26g	cpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_26g:::::::*
nttdocomo	wi-fi_station_sh-52a_firmware	38jp_1_26j	cpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_1_26j:::::::*
nttdocomo	wi-fi_station_sh-52a_firmware	38jp_2_03b	cpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_2_03b:::::::*
nttdocomo	wi-fi_station_sh-52a_firmware	38jp_2_03c	cpe:2.3:o:nttdocomo:wi-fi_station_sh-52a_firmware:38jp_2_03c:::::::*

CNA Affected

[
  {
    "product": "Wi-Fi STATION SH-52A",
    "vendor": "NTT DOCOMO, INC.",
    "versions": [
      {
        "status": "affected",
        "version": "38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN19482703/index.html

www.nttdocomo.co.jp/support/product_update/sh52a/index.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

39.0%

JSON

Related for CVE-2021-20847