CVE-2021-33214

Published: Jul 9, 2021Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H

Exploitability: 1.3 / Impact: 4.7

Source: NVD

Description

In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation.

Affected (1)

Products: Hms Networks: Ecatcher

Hms Networks

1 product

Ecatcher

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hms Networks Ecatcher	Up to 6.6.4

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (10)

https://cdn.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-07-09-001---ewon-ecatcher.pdf?sfvrsn=b37418d7_4

Source: cve@mitre.org

Vendor Advisory

https://labs.bishopfox.com/advisories

Source: cve@mitre.org

Third Party Advisory

https://labs.bishopfox.com/advisories/ecatcher-desktop-version-6.6.4

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.ewon.biz/about-us/security

Source: cve@mitre.org

Vendor Advisory

https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher

Source: cve@mitre.org

Vendor Advisory

https://cdn.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-07-09-001---ewon-ecatcher.pdf?sfvrsn=b37418d7_4