Lucene search

[email protected]CVE-2021-22640

HistoryJul 28, 2022 - 3:15 p.m.

CVE-2021-22640

2022-07-2815:15:07

CWE-294

CWE-307

[email protected]

web.nvd.nist.gov

cve

2021

22640

attacker

decrypt

ovarro tbox

communication capture

brute force

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks.

Affected configurations

NVD

Node

ovarrotwinsoftRange<12.4

Node

ovarrotbox_lt2-530Match-

AND

ovarrotbox_lt2-530_firmwareRange<1.46

Node

ovarrotbox_lt2-532Match-

AND

ovarrotbox_lt2-532_firmwareRange<1.46

Node

ovarrotbox_lt2-540Match-

AND

ovarrotbox_lt2-540_firmwareRange<1.46

Node

ovarrotbox_ms-cpu32Match-

AND

ovarrotbox_ms-cpu32_firmwareRange<1.46

Node

ovarrotbox_ms-cpu32-s2Match-

AND

ovarrotbox_ms-cpu32-s2_firmwareRange<1.46

Node

ovarrotbox_rm2Match-

AND

ovarrotbox_rm2_firmwareRange<1.46

Node

ovarrotbox_tg2Match-

AND

ovarrotbox_tg2_firmwareRange<1.46

CPENameOperatorVersion
ovarro:twinsoftovarro twinsoftlt12.4

CPE	Name	Operator	Version
ovarro:twinsoft	ovarro twinsoft	lt	12.4

CNA Affected

[
  {
    "product": "TBox",
    "vendor": "Ovarro",
    "versions": [
      {
        "status": "affected",
        "version": "LT2"
      },
      {
        "status": "affected",
        "version": "MS-CPU32"
      },
      {
        "status": "affected",
        "version": "MS-CPU32-S2"
      },
      {
        "status": "affected",
        "version": "RM2"
      },
      {
        "status": "affected",
        "version": "TG2"
      }
    ]
  }
]