CVE-2021-20590

Published: Apr 22, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the "VNC server" function is used.

Affected (6)

Products: Mitsubishielectric: Got2000 Gt27 Firmware, Got2000 Gt25 Firmware, Gt2107 Wtbd Firmware, Gt2107 Wtsd Firmware, Gs2110 Wtbd N Firmware, Gs2107 Wtbd N Firmware

Mitsubishielectric

6 products

Got2000 Gt27 Firmware

Got2000 Gt25 Firmware

Gt2107 Wtbd Firmware

Gt2107 Wtsd Firmware

Gs2110 Wtbd N Firmware

Gs2107 Wtbd N Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Got2000 Gt27 Firmware	Up to 01.39.010

Running on/with	Platform Versions
Mitsubishielectric Got2000 Gt27	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Got2000 Gt25 Firmware	Up to 01.39.010

Running on/with	Platform Versions
Mitsubishielectric Got2000 Gt25	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Gt2107 Wtbd Firmware	Up to 01.40.000

Running on/with	Platform Versions
Mitsubishielectric Gt2107 Wtbd	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Gt2107 Wtsd Firmware	Up to 01.40.000

Running on/with	Platform Versions
Mitsubishielectric Gt2107 Wtsd	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Gs2110 Wtbd N Firmware	Up to 01.40.000

Running on/with	Platform Versions
Mitsubishielectric Gs2110 Wtbd N	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Gs2107 Wtbd N Firmware	Up to 01.40.000

Running on/with	Platform Versions
Mitsubishielectric Gs2107 Wtbd N	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

https://jvn.jp/vu/JVNVU97615777/index.html

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

https://jvn.jp/vu/JVNVU97615777/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.