CVE-2021-20843

Published: Nov 24, 2021Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.

Affected (8)

Products: Yamaha: Rtx830 Firmware, Nvr510 Firmware, Nvr700w Firmware, Rtx1210 Firmware · Ntt West: Biz Box Rtx830 Firmware, Biz Box Nvr510 Firmware, Biz Box Nvr700w Firmware, Biz Box Rtx1210 Firmware

4 products

4 products

Biz Box Rtx830 Firmware

Biz Box Nvr510 Firmware

Biz Box Nvr700w Firmware

Biz Box Rtx1210 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Yamaha Rtx830 Firmware	Up to 15.02.17

Running on/with	Platform Versions
Yamaha Rtx830	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Yamaha Nvr510 Firmware	Up to 15.01.18

Running on/with	Platform Versions
Yamaha Nvr510	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Yamaha Nvr700w Firmware	Up to 15.00.19

Running on/with	Platform Versions
Yamaha Nvr700w	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Yamaha Rtx1210 Firmware	Up to 14.01.38

Running on/with	Platform Versions
Yamaha Rtx1210	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Biz Box Rtx830 Firmware	Up to 15.02.17

Running on/with	Platform Versions
Ntt West Biz Box Rtx830	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Biz Box Nvr510 Firmware	Before 15.01.18

Running on/with	Platform Versions
Ntt West Biz Box Nvr510	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Biz Box Nvr700w Firmware	Up to 15.00.19

Running on/with	Platform Versions
Ntt West Biz Box Nvr700w	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Biz Box Rtx1210 Firmware	Up to 14.01.38

Running on/with	Platform Versions
Ntt West Biz Box Rtx1210	All versions

Related CWEs

CWE-829

Inclusion of Functionality from Untrusted Control Sphere

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

References (8)

http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html

Source: vultures@jpcert.or.jp

MitigationVendor Advisory

https://business.ntt-east.co.jp/topics/2021/11_09.html

Source: vultures@jpcert.or.jp

MitigationVendor Advisory

https://jvn.jp/en/vu/JVNVU91161784/index.html

Source: vultures@jpcert.or.jp

MitigationThird Party Advisory

https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html

Source: vultures@jpcert.or.jp

MitigationVendor Advisory

http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://business.ntt-east.co.jp/topics/2021/11_09.html

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://jvn.jp/en/vu/JVNVU91161784/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party Advisory

https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.