Lucene search

KrcertCVELIST:CVE-2021-26639

HistoryAug 17, 2022 - 8:21 p.m.

CVE-2021-26639 WISA Smart Wing CMS File Download Vulnerability

2022-08-1720:21:29

CWE-494

CWE-20

krcert

www.cve.org

wisa smart wing cms

input validation

remote attackers

file download

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

8.2

Confidence

High

EPSS

0.002

Percentile

61.3%

JSON

This vulnerability is caused by the lack of validation of input values for specific functions if WISA Smart Wing CMS. Remote attackers can use this vulnerability to leak all files in the server without logging in system.

CNA Affected

[
  {
    "platforms": [
      "Linux"
    ],
    "product": "Smart Wing CMS",
    "vendor": "WISA corp.",
    "versions": [
      {
        "lessThan": "r18715.20211229",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66875

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

8.2

Confidence

High

EPSS

0.002

Percentile

61.3%

JSON

Related for CVELIST:CVE-2021-26639