Lucene search

[email protected]CVE-2021-39245

HistoryAug 23, 2021 - 5:15 a.m.

CVE-2021-39245

2021-08-2305:15:00

CWE-798

[email protected]

web.nvd.nist.gov

cve-2021-39245

hardcoded credentials

altus nexto

nexto xpress

hadron xtorm

security vulnerability

getlogs.cgi

nvd

device security

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

8.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.3%

JSON

Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0.

CPENameOperatorVersion
altus:nexto_nx3003_firmwarealtus nexto nx3003 firmwareeq1.8.11.0
altus:nexto_nx3004_firmwarealtus nexto nx3004 firmwareeq1.8.11.0
altus:nexto_nx3005_firmwarealtus nexto nx3005 firmwareeq1.8.11.0
altus:nexto_nx3010_firmwarealtus nexto nx3010 firmwareeq1.8.3.0
altus:nexto_nx3020_firmwarealtus nexto nx3020 firmwareeq1.8.3.0
altus:nexto_nx3030_firmwarealtus nexto nx3030 firmwareeq1.8.3.0
altus:nexto_nx5100_firmwarealtus nexto nx5100 firmwareeq1.8.11.0
altus:nexto_nx5101_firmwarealtus nexto nx5101 firmwareeq1.8.11.0
altus:nexto_nx5110_firmwarealtus nexto nx5110 firmwareeq1.1.2.8
altus:nexto_nx5210_firmwarealtus nexto nx5210 firmwareeq1.1.2.8

CPE	Name	Operator	Version
altus:nexto_nx3003_firmware	altus nexto nx3003 firmware	eq	1.8.11.0
altus:nexto_nx3004_firmware	altus nexto nx3004 firmware	eq	1.8.11.0
altus:nexto_nx3005_firmware	altus nexto nx3005 firmware	eq	1.8.11.0
altus:nexto_nx3010_firmware	altus nexto nx3010 firmware	eq	1.8.3.0
altus:nexto_nx3020_firmware	altus nexto nx3020 firmware	eq	1.8.3.0
altus:nexto_nx3030_firmware	altus nexto nx3030 firmware	eq	1.8.3.0
altus:nexto_nx5100_firmware	altus nexto nx5100 firmware	eq	1.8.11.0
altus:nexto_nx5101_firmware	altus nexto nx5101 firmware	eq	1.8.11.0
altus:nexto_nx5110_firmware	altus nexto nx5110 firmware	eq	1.1.2.8
altus:nexto_nx5210_firmware	altus nexto nx5210 firmware	eq	1.1.2.8

Rows per page:

1-10 of 151

References

seclists.org/fulldisclosure/2021/Aug/21

www.altus.com.br/

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

8.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.3%

JSON

Related for CVE-2021-39245

prion1 zdt1 packetstorm1