Lucene search
KrcertCVE-2021-26639HistoryAug 17, 2022 - 9:15 p.m.
CVE-2021-26639
2022-08-1721:15:08
CWE-20
CWE-494
krcert
web.nvd.nist.gov
30
5
vulnerability
wisa smart wing cms
remote attackers
file leak
input validation
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS
0.002
Percentile
61.3%
This vulnerability is caused by the lack of validation of input values for specific functions if WISA Smart Wing CMS. Remote attackers can use this vulnerability to leak all files in the server without logging in system.
Affected configurations
Node
linuxlinux_kernelMatch-
wisasmart_wing_cmsRange<r18715.20211229
| Vendor | Product | Version | CPE |
|---|---|---|---|
| linux | linux_kernel | - | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
| wisa | smart_wing_cms | * | cpe:2.3:a:wisa:smart_wing_cms:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"platforms": [
"Linux"
],
"product": "Smart Wing CMS",
"vendor": "WISA corp.",
"versions": [
{
"lessThan": "r18715.20211229",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Social References
More
Related
cvelist
cvelist
CVE-2021-26639 WISA Smart Wing CMS File Download Vulnerability
2022-08-17 20:21:29
nvd
nvd
CVE-2021-26639
2022-08-17 21:15:08
prion
prion
Input validation
2022-08-17 21:15:00
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS
0.002
Percentile
61.3%
Related for CVE-2021-26639