CVE-2021-20844

Published: Nov 24, 2021Modified: Nov 21, 2024

5.7

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.1 / Impact: 3.6

Source: NVD

Description

Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.

Affected (8)

Products: Yamaha: Rtx830 Firmware, Nvr510 Firmware, Nvr700w Firmware, Rtx1210 Firmware · Ntt West: Biz Box Rtx830 Firmware, Biz Box Nvr510 Firmware, Biz Box Nvr700w Firmware, Biz Box Rtx1210 Firmware

4 products

4 products

Biz Box Rtx830 Firmware

Biz Box Nvr510 Firmware

Biz Box Nvr700w Firmware

Biz Box Rtx1210 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Yamaha Rtx830 Firmware	Up to 15.02.17

Running on/with	Platform Versions
Yamaha Rtx830	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Yamaha Nvr510 Firmware	Up to 15.01.18

Running on/with	Platform Versions
Yamaha Nvr510	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Yamaha Nvr700w Firmware	Up to 15.00.19

Running on/with	Platform Versions
Yamaha Nvr700w	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Yamaha Rtx1210 Firmware	Up to 14.01.38

Running on/with	Platform Versions
Yamaha Rtx1210	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Biz Box Rtx830 Firmware	Up to 15.02.17

Running on/with	Platform Versions
Ntt West Biz Box Rtx830	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Biz Box Nvr510 Firmware	Before 15.01.18

Running on/with	Platform Versions
Ntt West Biz Box Nvr510	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Biz Box Nvr700w Firmware	Up to 15.00.19

Running on/with	Platform Versions
Ntt West Biz Box Nvr700w	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ntt West Biz Box Rtx1210 Firmware	Up to 14.01.38

Running on/with	Platform Versions
Ntt West Biz Box Rtx1210	All versions

Related CWEs

CWE-116

Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References (8)

http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html

Source: vultures@jpcert.or.jp

MitigationVendor Advisory

https://business.ntt-east.co.jp/topics/2021/11_09.html

Source: vultures@jpcert.or.jp

MitigationVendor Advisory

https://jvn.jp/en/vu/JVNVU91161784/index.html

Source: vultures@jpcert.or.jp

MitigationThird Party Advisory

https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html

Source: vultures@jpcert.or.jp

MitigationVendor Advisory

http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://business.ntt-east.co.jp/topics/2021/11_09.html

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://jvn.jp/en/vu/JVNVU91161784/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party Advisory

https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.