Lucene search

[email protected]NVD:CVE-2021-26637

HistoryJun 23, 2022 - 5:15 p.m.

CVE-2021-26637

2022-06-2317:15:11

CWE-862

CWE-306

CWE-287

[email protected]

web.nvd.nist.gov

sihas

account authentication

permission checks

remote control

cve-2021-26637

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

56.3%

JSON

There is no account authentication and permission check logic in the firmware and existing apps of SiHAS’s SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device.

Affected configurations

Nvd

Node

shinasyssihas_sgw-300_firmwareMatch-android

shinasyssihas_sgw-300_firmwareMatch-iphone_os

AND

shinasyssihas_sgw-300Match-

Node

shinasyssihas_acm-300_firmwareMatch-android

shinasyssihas_acm-300_firmwareMatch-iphone_os

AND

shinasyssihas_acm-300Match-

Node

shinasyssihas_gcm-300_firmwareMatch-android

shinasyssihas_gcm-300_firmwareMatch-iphone_os

AND

shinasyssihas_gcm-300Match-

VendorProductVersionCPE
shinasyssihas_sgw-300_firmware-cpe:2.3:o:shinasys:sihas_sgw-300_firmware:-:*:*:*:*:android:*:*
shinasyssihas_sgw-300_firmware-cpe:2.3:o:shinasys:sihas_sgw-300_firmware:-:*:*:*:*:iphone_os:*:*
shinasyssihas_sgw-300-cpe:2.3:h:shinasys:sihas_sgw-300:-:*:*:*:*:*:*:*
shinasyssihas_acm-300_firmware-cpe:2.3:o:shinasys:sihas_acm-300_firmware:-:*:*:*:*:android:*:*
shinasyssihas_acm-300_firmware-cpe:2.3:o:shinasys:sihas_acm-300_firmware:-:*:*:*:*:iphone_os:*:*
shinasyssihas_acm-300-cpe:2.3:h:shinasys:sihas_acm-300:-:*:*:*:*:*:*:*
shinasyssihas_gcm-300_firmware-cpe:2.3:o:shinasys:sihas_gcm-300_firmware:-:*:*:*:*:android:*:*
shinasyssihas_gcm-300_firmware-cpe:2.3:o:shinasys:sihas_gcm-300_firmware:-:*:*:*:*:iphone_os:*:*
shinasyssihas_gcm-300-cpe:2.3:h:shinasys:sihas_gcm-300:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
shinasys	sihas_sgw-300_firmware	-	cpe:2.3:o:shinasys:sihas_sgw-300_firmware:-:::::android::
shinasys	sihas_sgw-300_firmware	-	cpe:2.3:o:shinasys:sihas_sgw-300_firmware:-:::::iphone_os::
shinasys	sihas_sgw-300	-	cpe:2.3:h:shinasys:sihas_sgw-300:-:::::::*
shinasys	sihas_acm-300_firmware	-	cpe:2.3:o:shinasys:sihas_acm-300_firmware:-:::::android::
shinasys	sihas_acm-300_firmware	-	cpe:2.3:o:shinasys:sihas_acm-300_firmware:-:::::iphone_os::
shinasys	sihas_acm-300	-	cpe:2.3:h:shinasys:sihas_acm-300:-:::::::*
shinasys	sihas_gcm-300_firmware	-	cpe:2.3:o:shinasys:sihas_gcm-300_firmware:-:::::android::
shinasys	sihas_gcm-300_firmware	-	cpe:2.3:o:shinasys:sihas_gcm-300_firmware:-:::::iphone_os::
shinasys	sihas_gcm-300	-	cpe:2.3:h:shinasys:sihas_gcm-300:-:::::::*

References

www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66782

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

56.3%

JSON

Related for NVD:CVE-2021-26637

prion1 cve1 cvelist1