CVE-2021-20653

Published: Feb 17, 2021Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain unauthorized historical data without access privileges via unspecified vectors.

Affected (4)

Products: Nec: Csdj B Firmware, Csdj H Firmware, Csdj D Firmware, Csdj A Firmware

4 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nec Csdj B Firmware	Up to 01.08.00

Running on/with	Platform Versions
Nec Csdj B	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nec Csdj H Firmware	Up to 01.08.00

Running on/with	Platform Versions
Nec Csdj H	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nec Csdj D Firmware	Up to 01.08.00

Running on/with	Platform Versions
Nec Csdj D	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nec Csdj A Firmware	Up to 03.08.00

Running on/with	Platform Versions
Nec Csdj A	All versions

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

https://jpn.nec.com/security-info/secinfo/nv21-006.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://jvn.jp/en/jp/JVN87164507/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://jpn.nec.com/security-info/secinfo/nv21-006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://jvn.jp/en/jp/JVN87164507/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.