Lucene search

K
nvd[email protected]NVD:CVE-2021-27442
HistoryMay 16, 2022 - 6:15 p.m.

CVE-2021-27442

2022-05-1618:15:08
CWE-79
web.nvd.nist.gov
weintek cmt
cross-site scripting
remote attacker
malicious code

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

55.8%

The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.

Affected configurations

NVD
Node
weintekcmt-svr-100_firmwareRange<20210305
AND
weintekcmt-svr-100Match-
Node
weintekcmt-svr-102_firmwareRange<20210305
AND
weintekcmt-svr-102Match-
Node
weintekcmt-svr-200_firmwareRange<20210305
AND
weintekcmt-svr-200Match-
Node
weintekcmt-svr-202_firmwareRange<20210305
AND
weintekcmt-svr-202Match-
Node
weintekcmt-g01_firmwareRange<20210209
AND
weintekcmt-g01Match-
Node
weintekcmt-g02_firmwareRange<20210209
AND
weintekcmt-g02Match-
Node
weintekcmt-g03_firmwareRange<20210222
AND
weintekcmt-g03Match-
Node
weintekcmt-g04_firmwareRange<20210222
AND
weintekcmt-g04Match-
Node
weintekcmt3071_firmwareRange<20210218
AND
weintekcmt3071Match-
Node
weintekcmt3072_firmwareRange<20210218
AND
weintekcmt3072Match-
Node
weintekcmt3090_firmwareRange<20210218
AND
weintekcmt3090Match-
Node
weintekcmt3103_firmwareRange<20210218
AND
weintekcmt3103Match-
Node
weintekcmt3151_firmwareRange<20210218
AND
weintekcmt3151Match-
Node
weintekcmt-hdm_firmwareRange<20210204
AND
weintekcmt-hdmMatch-
Node
weintekcmt-fhd_firmwareRange<20210208
AND
weintekcmt-fhdMatch-
Node
weintekcmt-ctrl01_firmwareRange<20210302
AND
weintekcmt-ctrl01Match-

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

55.8%

Related for NVD:CVE-2021-27442