Lucene search

MitreCVE-2021-3304

HistoryJan 26, 2021 - 6:16 p.m.

CVE-2021-3304

2021-01-2618:16:29

CWE-120

mitre

web.nvd.nist.gov

cve-2021-3304

sagemcom

f@st 3686

buffer overflow

sessionkey

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.004

Percentile

72.6%

JSON

Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login URI.

Affected configurations

Nvd

Node

sagemcomf\@st_3686Matchv2

AND

sagemcomf\@st_3686_firmwareMatch3.495

VendorProductVersionCPE
sagemcomf\@st_3686v2cpe:2.3:h:sagemcom:f\@st_3686:v2:*:*:*:*:*:*:*
sagemcomf\@st_3686_firmware3.495cpe:2.3:o:sagemcom:f\@st_3686_firmware:3.495:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sagemcom	f\@st_3686	v2	cpe:2.3:h:sagemcom:f\@st_3686:v2:::::::*
sagemcom	f\@st_3686_firmware	3.495	cpe:2.3:o:sagemcom:f\@st_3686_firmware:3.495:::::::*

References

twitter.com/j0nh4t/status/1349649975479840769

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.004

Percentile

72.6%

JSON

Related for CVE-2021-3304